Print

Print


Very well put.  It does, though, bring to the fore a very fundamental 
question: who's reading this stuff?  We are, it would seem, "preaching to 
the choir" in that a list like this one comprises, what, 2% of the entire 
UVM population of staff and faculty that might see this kind of useful 
stuff?  Therein lies the real problem - the vast majority of those who are 
likely to fall prey to this kind of phish do not read, much less know 
about, lists like this one.  And it would seem we have no mechanism in 
place at all that can reach that vulnerable audience.  It would be most 
interesting (and I think extremely useful), if it were possible to connect 
real names of those who got phished to IPs that we can, I think, determine 
already went to the site and/or entered their "data".  I think we would 
get a rather interesting demographic profile - users who never see the 
postings on this list or web articles we publish on our sub-site that they 
don't have any real reason to visit.  Education is the key. I just don't 
think that a list or a webzine approach is doing it.

	David Houston
	University of Vermont
	Phone: (802) 656 2013
	**
        "You are nestled in our hearts forever"
        **


On Mon, 30 Apr 2012, J. Greg Mackinnon intoned:

JGM:I think Larry's question suggests that a lot of people in the community
JGM:could stand a review of phishing attack indicators.  In this case, there are
JGM:several.  Regrettably, I deleted my own copy of the scam, so I cannot
JGM:analyze this particular message exhaustively.  However, Wes's observations
JGM:alone are enough to expose this as phish.
JGM:
JGM:Any time that you receive a link in an email, verify that the domain that it
JGM:points to jibes with the source of the sender and the intent of the message.
JGM:In this case, who send the message to you?  Microsoft?  Or UVM?  Or someone
JGM:else entirely?  If it was UVM, why would we send you to to "bit.from-fl.com"
JGM:to "reconfigure your Outlook Client"?  If it was from Microsoft, why would
JGM:the target URL not be "microsoft.com"?  If it was neither UVM nor Microsoft,
JGM:why would the sender have any authority over the configuration of your
JGM:Outlook client?
JGM:
JGM:There are other give-aways here.  The message gives you no indication as to
JGM:why you need to "reconfigure Outlook", nor what following the link will do
JGM:to your client, nor how you can get help if you have problems with the link.
JGM:All of this is information that you should expect from a valid Microsoft or
JGM:UVM tech support announcement.  If the message does not explain these points
JGM:adequately, it is either a scam, or it came from an IT staff member who
JGM:needs a stern talking-to.
JGM:
JGM:Finally, I noticed that my copy of the message stated that I needed to
JGM:update "Outlook 2012".  Since Outlook 2012 does not exist (the current
JGM:version is 2010), I deleted the message immediately.
JGM:
JGM:There are lots of online resource available to help you identify a phish.
JGM:Google around a bit.  A good starting point might be:
JGM:http://pages.ebay.com/education/spooftutorial/index.html
JGM:On this page, ebay support explains how to spot a fake email message from
JGM:ebay.  Much of what is covered here also applies to communications from UVM
JGM:support staff.
JGM:
JGM:-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251
JGM:
JGM:On 4/30/2012 1:00 PM, Larry Kost wrote:
JGM:> A bunch of folks have received the following.
JGM:> 
JGM:> Notification ID: 32SZA1Q
JGM:> ==========================================
JGM:> - Please reconfigure your Microsoft Outlook information again .
JGM:> - Click on the link below to setup .
JGM:> 
JGM:> http://www.microsoft.com.outlook.setup.bit.from-fl.com/outlook/index.php?id=32SZA1Q 
JGM:> =========================================
JGM:> 
JGM:> Is it real or a hoax?  As far as I know, there is only person in my
JGM:> department who even used Outlook.
JGM:> 
JGM:> LLK
JGM: