Hi Kevin, Yes, this is a legitimate survey. I understand your concern here and it is only one concern among many regarding the campus survey environment. Our office is currently attempting to institutionalize the provision of a service for management and governance of campus surveys (among other "official" campus survey activities). We're hoping to announce something over the summer. I'd be happy to talk more offline if you're interested in hearing more details.
Best, Jeff ~~~~ Jeff Royal, Institutional Research Analyst Office of Planning & Analysis [email protected] opa.berkeley.edu On Mon, Mar 30, 2015 at 10:56 AM, Kevin Burney <[email protected]> wrote: > Phishing??? > > > > If this is legitimate they should not use links contained in the email. A > simple way to mitigate this is to tell people to go a trusted system like > BLU or “UCOP - At your service” (not a link to the location) and use a link > posted there without requiring the recipient to click on a link contained > within the email. > > > > The following item is listed on the Anti-Phishing posters located > throughout the campus. > > “If you didn’t expect it. Reject it! Don’t Click on Unexpected Links” > > > > Let’s be consistent. > > > > Security policies are not effective if there are some that should be > followed and others that should not. > > > > Exceptions are one of the worst things for policies and/or guidelines. Is > it ok to click on a link because it says it is a questionnaire from UC or > someone representing UC? Who is this @towerswatson.com? > > > > Is this part of the testing program that the campus announced would be > going on to analyze peoples use in clicking on phishing attempts? > > > > It feels to me that system wide communications should be vetted by a UC > security team member before sending it out to the masses. > > > > https://security.berkeley.edu/content/phishing-scams-ongoing-threat-campus > > https://security.berkeley.edu/content/anti-phishing-faq-and-tips > > > > > > -Kevin Burney > > _________________________________ > > Kevin D. Burney > > Active Directory Systems Engineer > > Enterprise Windows Team > > University of California, Berkeley > > (510) 827-8476 > > > > > > The following is an excerpt from an SNS web page: > > How can I identify a phishing scam? > > The first rule to remember: *Never give out any personal information in > email.* No institution, bank or otherwise, will ever ask for this > information via email. It may not always be easy to tell whether an email > or website is legitimate, but there are many tools to help find out. > > · In the body of an email, you might see questions asking you to > “verify” or “update your account” or “failure to update your records will > result in account suspension.” It is usually safe to assume that no > credible organization to which you have provided your information will ever > ask you to re-enter it, so do not fall for this trap. > > · Any email that asks for your personal or sensitive information > should be seriously scoured and not trusted. Even if the email has official > logos or text or even links to a legitimate website, it could easily be > fraudulent. Never give out your personal information. > > What can I do to avoid Phishing attacks? > > Click and review these 5 essential Anti-Phishing tips to avoid being > "Phished": > > 1. Passwords in Email = Epic Fail. Never send your passwords in > email! <https://security.berkeley.edu/node/469> > > 2. If you didn't expect it, reject it. Don't click unexpected links! > <https://security.berkeley.edu/node/470> > > 3. Hover to Discover. Look out for deceptive links! > <https://security.berkeley.edu/node/473> > > 4. Check for Trash Before the Slash. Verify > "https://auth.berkeley.edu/"; in your browser bar before entering CalNet > credentials! <https://security.berkeley.edu/node/475> > > 5. Is it a Phish? Drop us a line. > <https://security.berkeley.edu/node/476> > > > > > > > > > > > > > > *From:* [email protected] [mailto: > [email protected]] > *Sent:* Monday, March 30, 2015 10:02 AM > *To:* [email protected] > *Subject:* 2015 Staff Engagement Survey > > > > Dear UC Colleague: > > You are invited to participate in the 2015 Staff Engagement Survey. You > may have seen the announcement on UC Net > <http://ucnet.universityofcalifornia.edu/news/2015/03/new-survey-asks-staffs-opinions-about-working-at-uc.html> > or on your campus news site about a survey the Council of University of > California Staff Assemblies (CUCSA), in collaboration with Systemwide > Employee Relations, is conducting among a representative sample of UC Staff > employees. You have been selected to participate in this survey. > > The survey asks for your opinions about a range of topics that focus on > employee engagement. Your views are very important and provide direct > feedback that will help shape how we will all work at UC. This is the > second systemwide UC Staff Engagement Survey. The first was conducted in > 2012. Results from that survey were shared with Senior Leadership at UCOP > as well as the Chancellors or senior administrators at each location. > > Results from the 2015 survey compared to the 2012 results will help us > determine areas where progress was made, as well as areas that may need > further effort and focus. We encourage you to take about 15 minutes to > complete this survey while at work. Please submit your response by *April > 17, 2015*. > > The survey is being conducted by Towers Watson, an independent consulting > firm specializing in employee surveys and research. Towers Watson does not > report individual names or opinions, so your answers will remain strictly > confidential. Your responses, combined with others, will help leadership > understand what’s important to you and what’s working well or needs > improvement. > > *How to Participate* > To take the survey, please click on the link below: > > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > > The survey will be open from March 30, 2015 through April 17, 2015. > > *Please do not forward this email to others. *If you have any questions > or experience difficulties accessing the survey, please email Towers Watson > at [email protected]. > > Again, thank you for sharing your views and helping to improve UC. > > Sincerely, > > Rob Kerner, Chair of the Council of UC Staff Assemblies (2014-15) > Greta Carl-Halle, Chair-Elect of the Council of UC Staff Assemblies > (2014-15) > Marie-Ann Hairston, Director Systemwide Employee Relations Programs > > *Notice of Confidentiality* > > This transmission contains information that may be confidential. It has > been prepared for the sole and exclusive use of the intended recipient and > on the basis agreed with that person. If you are not the intended recipient > of the message (or authorized to receive it for the intended recipient), > you should notify us immediately; you should delete it from your system and > may not disclose its contents to anyone else. > > This e-mail has come to you from Towers Watson Delaware Inc. or Towers > Watson Pennsylvania Inc. > > > ------------------------------------------------------------------------- > The following was automatically added to this message by the list server: > > To learn more about Micronet, including how to subscribe to or unsubscribe > from its mailing list and how to find out about upcoming meetings, please > visit the Micronet Web site: > > http://micronet.berkeley.edu > > Messages you send to this mailing list are public and world-viewable, and > the list's archives can be browsed and searched on the Internet. This > means these messages can be viewed by (among others) your bosses, > prospective employers, and people who have known you in the past. > > ANNOUNCEMENTS: To send announcements to the Micronet list, please use the > [email protected] list. > >
------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [email protected] list.
