Educause Security Discussion mailing list archives
Re: Aggressive and misleading advertising
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Fri, 13 Sep 2019 19:49:17 +0000
We haven't had direct issues such as this, but we did have a local rental company that got themselves infected and started spamming our students (via their internal address lists). We blocked them. This sounds like spam. We normally don't take any action on just spam, but this one I would. I would block them for unauthorized advertising, then start asking questions about where they got the information. The "sample" message would be considered misleading and lead to a panic on campus. Given their "sample" message, there may actually be a legal case to be had against them. This would also be a violation of the CAN-SPAM act (https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business). At the very least, I would notify them that they are violating the CAN-SPAM act. If they don't respond, notify their e-mail hosting provider. We notify hosting providers on a regular basis for phishing issues. Most of them have been very responsive and taken down the offending websites. Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 www.mnsu.edu/its/security<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mnsu.edu%2Fits%2Fsecurity&data=02%7C01%7Cmichael.menne%40mnsu.edu%7Cc3f4cd9ab99f4649715b08d711fdf18b%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636997654686922241&sdata=NzHU9kDya1V9tYgnABc4v7zjESJZYry6TOWstB%2FZSZs%3D&reserved=0> [signature_2008603909] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Langford, Matthew Sent: Friday, September 13, 2019 1:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Aggressive and misleading advertising We had a company <Wildfire> sending hundreds of emails an hour to our student population. The advertising implies that this is a resource the belongs to campus before saying at the bottom they are unaffiliated with campus. They also use two hooks I really don't care for. They have acquired the students names in addition to their email address (which isn't published or shared) and they use the users first name in the subject line and second the message they share indicates a fire at the library as a "sample" message but they don't make that clear. Have any others encountered this issue? Did your institutions take any actions to halt the campaign? Matt Langford Chief Information Security Officer IM&T - Office of Information Security University of Northern Colorado Campus Box 19 Greeley, CO 80639 O: 970-351-1420 Help us, help you! Report all technical issues to the TSC. Phone: 970-351-4357 or 800-545-2331 Online: help.unco.edu<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fga.unco.edu%2Fclick.php%2Fe1383%2Fh167629%2Fs85592f876a%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cba88f92753a1467556eb08d7387c5a3b%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C1%7C637039979049307371&sdata=9dnDNHJa6FgFV7azWDt7hh8hNWD3xM5hp3RlVarJXEQ%3D&reserved=0> Email: help () unco edu<mailto:help () unco edu> Walk-In: University Center Lower Level ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Cba88f92753a1467556eb08d7387c5a3b%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C1%7C637039979049307371&sdata=BR6X%2F7b3NaR4gkGIbwi%2BlvLeaXGR4i63mblQ%2FIkpyCw%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Aggressive and misleading advertising Langford, Matthew (Sep 13)
- Re: Aggressive and misleading advertising Menne, Michael S (Sep 13)
- Re: Aggressive and misleading advertising Bryce Porter (Sep 13)
- Re: Aggressive and misleading advertising Langford, Matthew (Sep 16)