I think we should have some sort of disincentive for people that send
out mail like this.
Like maybe running a booth on Sproul about phishing during lunch :-)
It is amazing what a little social embarrassment does to solve
problems. Years and years ago, we had problems with developers
"breaking the build", that is, checking in code that did not compile.
We would have the offender wear a goofy hat at group lunch. The mistake
was made much less frequently after that. Fortunately, continuous
integration and tools like Eclipse more effectively solved the problem.
Seriously though, what is the status of the policy for these sorts of
emails?
Campus-wide lists with more than n people must be moderated if we are
going to prevent desensitizing people to phishing attacks.
I'd be happy to let someone else set the value of n, but I think n=250
or n=500 would help.
_Christopher
On 3/30/15 12:16 PM, Kathleen VALERIO wrote:
Hi Micronet,
This is a legitimate survey from Towers Watson, a well respected
company that does research. A message from UCOP was passed through
Cal Messages to All Staff was sent by Jeannine Raymond AVC of HR,
March 25th alerting people that this survey was coming. Text pasted
below.
*************************
Jeannine Raymond Assistant Vice Chancellor - Human Resources
(campus-wide)
Mar 25 (5 days ago)
to Staff
/(sent on behalf of Marie Hairston, UCOP)/
UCOP has announced that the second systemwide UC Staff Engagement
Survey will begin the week of March 30th. The survey will be conducted
among a representative sample of UC Staff employees and will ask for
opinions about a range of topics that focus on employee engagement.
The results will provide direct feedback that help shape how we all
work at UC. If you are randomly selected to participate, UCOP will
contact you directly via email.
For more on this, please read the UCnet article online
<http://ucnet.universityofcalifornia.edu/news/2015/03/new-survey-asks-staffs-opinions-about-working-at-uc.html>.
Marie Hairston
Systemwide Director of ER
UC Office of the President
/If you are a manager who supervises UC Berkeley employees without
email access, please circulate this information to all./
*Please do not reply to this message*
*********************************************
I don't know who - if anyone from Jeannine's office should have
communicated more dorectly with the folks who oversee email to
make the program clearer, but they did attempt to reach out in advance.
All for now.
Yours truly,
Kathleen Valerio, CalPact Coordinator
*Talent & Organizational Performance*
192 University Hall
2199 Addison St.
Berkeley, CA 94720-3540
Ph 510 643-0452
[email protected] <mailto:[email protected]>
@KathleenValeri0
"Life isn't about finding yourself. Life is about creating yourself."-
George Bernard /*UC Berkeley* //* reimagines the world *//by
challenging convention *//to shape the future./
On Mon, Mar 30, 2015 at 10:56 AM, Kevin Burney <[email protected]
<mailto:[email protected]>> wrote:
Phishing???
If this is legitimate they should not use links contained in the
email. A simple way to mitigate this is to tell people to go a
trusted system like BLU or “UCOP - At your service” (not a link to
the location) and use a link posted there without requiring the
recipient to click on a link contained within the email.
The following item is listed on the Anti-Phishing posters located
throughout the campus.
“If you didn’t expect it. Reject it! Don’t Click on Unexpected Links”
Let’s be consistent.
Security policies are not effective if there are some that should
be followed and others that should not.
Exceptions are one of the worst things for policies and/or
guidelines. Is it ok to click on a link because it says it is a
questionnaire from UC or someone representing UC? Who is this
@towerswatson.com <http://towerswatson.com>?
Is this part of the testing program that the campus announced
would be going on to analyze peoples use in clicking on phishing
attempts?
It feels to me that system wide communications should be vetted by
a UC security team member before sending it out to the masses.
https://security.berkeley.edu/content/phishing-scams-ongoing-threat-campus
https://security.berkeley.edu/content/anti-phishing-faq-and-tips
-Kevin Burney
_________________________________
Kevin D. Burney
Active Directory Systems Engineer
Enterprise Windows Team
University of California, Berkeley
(510) 827-8476 <tel:%28510%29%20827-8476>
The following is an excerpt from an SNS web page:
How can I identify a phishing scam?
The first rule to remember: *Never give out any personal
information in email.* No institution, bank or otherwise, will
ever ask for this information via email. It may not always be
easy to tell whether an email or website is legitimate, but there
are many tools to help find out.
·In the body of an email, you might see questions asking you to
“verify” or “update your account” or “failure to update your
records will result in account suspension.” It is usually safe to
assume that no credible organization to which you have provided
your information will ever ask you to re-enter it, so do not fall
for this trap.
·Any email that asks for your personal or sensitive information
should be seriously scoured and not trusted. Even if the email has
official logos or text or even links to a legitimate website, it
could easily be fraudulent. Never give out your personal information.
What can I do to avoid Phishing attacks?
Click and review these 5 essential Anti-Phishing tips to avoid
being "Phished":
1.Passwords in Email = Epic Fail. Never send your passwords in
email! <https://security.berkeley.edu/node/469>
2.If you didn't expect it, reject it. Don't click unexpected
links! <https://security.berkeley.edu/node/470>
3.Hover to Discover. Look out for deceptive links!
<https://security.berkeley.edu/node/473>
4.Check for Trash Before the Slash. Verify
"https://auth.berkeley.edu/"; in your browser bar before entering
CalNet credentials! <https://security.berkeley.edu/node/475>
5.Is it a Phish? Drop us a line.
<https://security.berkeley.edu/node/476>
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]
<mailto:[email protected]>]
*Sent:* Monday, March 30, 2015 10:02 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* 2015 Staff Engagement Survey
Dear UC Colleague:
You are invited to participate in the 2015 Staff Engagement
Survey. You may have seen the announcement on UC Net
<http://ucnet.universityofcalifornia.edu/news/2015/03/new-survey-asks-staffs-opinions-about-working-at-uc.html>or
on your campus news site about a survey the Council of University
of California Staff Assemblies (CUCSA), in collaboration with
Systemwide Employee Relations, is conducting among a
representative sample of UC Staff employees. You have been
selected to participate in this survey.
The survey asks for your opinions about a range of topics that
focus on employee engagement. Your views are very important and
provide direct feedback that will help shape how we will all work
at UC. This is the second systemwide UC Staff Engagement Survey.
The first was conducted in 2012. Results from that survey were
shared with Senior Leadership at UCOP as well as the Chancellors
or senior administrators at each location.
Results from the 2015 survey compared to the 2012 results will
help us determine areas where progress was made, as well as areas
that may need further effort and focus. We encourage you to take
about 15 minutes to complete this survey while at work. Please
submit your response by *April 17, 2015*.
The survey is being conducted by Towers Watson, an independent
consulting firm specializing in employee surveys and research.
Towers Watson does not report individual names or opinions, so
your answers will remain strictly confidential. Your responses,
combined with others, will help leadership understand what’s
important to you and what’s working well or needs improvement.
*How to Participate*
To take the survey, please click on the link below:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The survey will be open from March 30, 2015 through April 17, 2015.
*Please do not forward this email to others. *If you have any
questions or experience difficulties accessing the survey, please
email Towers Watson at [email protected]
<mailto:[email protected]>.
Again, thank you for sharing your views and helping to improve UC.
Sincerely,
Rob Kerner, Chair of the Council of UC Staff Assemblies (2014-15)
Greta Carl-Halle, Chair-Elect of the Council of UC Staff
Assemblies (2014-15)
Marie-Ann Hairston, Director Systemwide Employee Relations Programs
/Notice of Confidentiality/
This transmission contains information that may be confidential.
It has been prepared for the sole and exclusive use of the
intended recipient and on the basis agreed with that person. If
you are not the intended recipient of the message (or authorized
to receive it for the intended recipient), you should notify us
immediately; you should delete it from your system and may not
disclose its contents to anyone else.
This e-mail has come to you from Towers Watson Delaware Inc. or
Towers Watson Pennsylvania Inc.
-------------------------------------------------------------------------
The following was automatically added to this message by the list
server:
To learn more about Micronet, including how to subscribe to or
unsubscribe from its mailing list and how to find out about
upcoming meetings, please visit the Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and
world-viewable, and the list's archives can be browsed and
searched on the Internet. This means these messages can be viewed
by (among others) your bosses, prospective employers, and people
who have known you in the past.
ANNOUNCEMENTS: To send announcements to the Micronet list, please
use the [email protected]
<mailto:[email protected]> list.
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about Micronet, including how to subscribe to or unsubscribe from
its mailing list and how to find out about upcoming meetings, please visit the
Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and world-viewable, and the
list's archives can be browsed and searched on the Internet. This means these
messages can be viewed by (among others) your bosses, prospective employers,
and people who have known you in the past.
ANNOUNCEMENTS: To send announcements to the Micronet list, please use the
[email protected] list.
--
Christopher Brooks, PMP University of California
Academic Program Manager & Software Engineer US Mail: 337 Cory Hall
CHESS/iCyPhy/Ptolemy/TerraSwarm Berkeley, CA 94720-1774
[email protected], 707.332.0670 (Office: 545Q Cory)
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about Micronet, including how to subscribe to or unsubscribe from
its mailing list and how to find out about upcoming meetings, please visit the
Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and world-viewable, and the
list's archives can be browsed and searched on the Internet. This means these
messages can be viewed by (among others) your bosses, prospective employers,
and people who have known you in the past.
ANNOUNCEMENTS: To send announcements to the Micronet list, please use the
[email protected] list.
