Very well put. It does, though, bring to the fore a very fundamental
question: who's reading this stuff? We are, it would seem, "preaching to
the choir" in that a list like this one comprises, what, 2% of the entire
UVM population of staff and faculty that might see this kind of useful
stuff? Therein lies the real problem - the vast majority of those who are
likely to fall prey to this kind of phish do not read, much less know
about, lists like this one. And it would seem we have no mechanism in
place at all that can reach that vulnerable audience. It would be most
interesting (and I think extremely useful), if it were possible to connect
real names of those who got phished to IPs that we can, I think, determine
already went to the site and/or entered their "data". I think we would
get a rather interesting demographic profile - users who never see the
postings on this list or web articles we publish on our sub-site that they
don't have any real reason to visit. Education is the key. I just don't
think that a list or a webzine approach is doing it.
University of Vermont
Phone: (802) 656 2013
"You are nestled in our hearts forever"
On Mon, 30 Apr 2012, J. Greg Mackinnon intoned:
JGM:I think Larry's question suggests that a lot of people in the community
JGM:could stand a review of phishing attack indicators. In this case, there are
JGM:several. Regrettably, I deleted my own copy of the scam, so I cannot
JGM:analyze this particular message exhaustively. However, Wes's observations
JGM:alone are enough to expose this as phish.
JGM:Any time that you receive a link in an email, verify that the domain that it
JGM:points to jibes with the source of the sender and the intent of the message.
JGM:In this case, who send the message to you? Microsoft? Or UVM? Or someone
JGM:else entirely? If it was UVM, why would we send you to to "bit.from-fl.com"
JGM:to "reconfigure your Outlook Client"? If it was from Microsoft, why would
JGM:the target URL not be "microsoft.com"? If it was neither UVM nor Microsoft,
JGM:why would the sender have any authority over the configuration of your
JGM:There are other give-aways here. The message gives you no indication as to
JGM:why you need to "reconfigure Outlook", nor what following the link will do
JGM:to your client, nor how you can get help if you have problems with the link.
JGM:All of this is information that you should expect from a valid Microsoft or
JGM:UVM tech support announcement. If the message does not explain these points
JGM:adequately, it is either a scam, or it came from an IT staff member who
JGM:needs a stern talking-to.
JGM:Finally, I noticed that my copy of the message stated that I needed to
JGM:update "Outlook 2012". Since Outlook 2012 does not exist (the current
JGM:version is 2010), I deleted the message immediately.
JGM:There are lots of online resource available to help you identify a phish.
JGM:Google around a bit. A good starting point might be:
JGM:On this page, ebay support explains how to spot a fake email message from
JGM:ebay. Much of what is covered here also applies to communications from UVM
JGM:-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251
JGM:On 4/30/2012 1:00 PM, Larry Kost wrote:
JGM:> A bunch of folks have received the following.
JGM:> Notification ID: 32SZA1Q
JGM:> - Please reconfigure your Microsoft Outlook information again .
JGM:> - Click on the link below to setup .
JGM:> Is it real or a hoax? As far as I know, there is only person in my
JGM:> department who even used Outlook.