I followed up with various people about this.
TL;DR: This message really, really looks like spear phishing. Anyone who
clicks on those links really needs the training. Various people
complained to various other people; who knows if the problem will continue.
Details:
The email message was especially dangerous because it had a deep link
that ended up at the CalNet login page.
In addition, the headers were classic: the message had a From: line from
a Berkeley address, yet the lines above were not Berkeley machines. The
next time this happens, I'll follow up with consult@berkeley about why
this message was not rejected.
I emailed security@berkeley and I was told that ISP contacted UCOP and
asked them to not send this sort of message.
In addition, my faculty member supervisor (who was also cc'd for each
employee and student) contacted the Vice Provost, who was happy to hear
from faculty about this issue. Presumably, the Vice Provost also
followed up with someone.
I've been forwarding messages like this to security@berkeley, who
respond promptly and are sympathetic, but don't always take direct action.
https://security.berkeley.edu/faq/phishing/how-do-i-report-phishing-or-suspicious-email
says:
How do I report a Phishing or suspicious email?
If you receive an email you are not sure about, *forward* the
suspicious email -- *don't reply* -- to cons...@berkeley.edu or call
the CSS-IT Service Desk at 510-664-9000. The email can be blocked from
the campus system to prevent others from falling victim to the Phishing
attack.
After chasing a few spear phishing messages down, my current thinking
is that the correct procedure is to email the person who sent the
message and educate them as to the problem. I have not been cc'ing
consult@berkeley, so I'll probably start doing that.
I think that by and large, senders of spear phishing messages are amenable
to changing their ways. Recently, I corresponded with someone who had
been sending spear phishing email messages via a CRM service and the next
message that they sent did not include links that said .berkeley.edu, but
pointed elsewhere.
So, it is possible to get traction.
The details about the cyber security training may be found at
http://link.ucop.edu/2015/10/12/complete-cyber-security-awareness-training-by-jan-31-2016/
http://hrweb.berkeley.edu/news/cyber-security-awareness-training
While I think this is a good idea, it is clear that the operators of the
mailing list have not taken the course.
This is like getting a moving violation and on your way to driver's ed.,
the car behind you tailgates you, hits the car next to it while parking,
the driver smells like alcohol and then it turns out that is the
driver's ed. instructor!
Here's an exercise for extra credit:
Is it ethical to take such a poorly implemented class?
_Christopher
On 1/19/16 12:36 PM, Greg MERRITT wrote:
You never can be too careful with spam! ;)
Inline image 1
-Greg
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about Micronet, including how to subscribe to or unsubscribe from
its mailing list and how to find out about upcoming meetings, please visit the
Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and world-viewable, and the
list's archives can be browsed and searched on the Internet. This means these
messages can be viewed by (among others) your bosses, prospective employers,
and people who have known you in the past.
ANNOUNCEMENTS: To send announcements to the Micronet list, please use the
micronet-annou...@lists.berkeley.edu list.
--
Christopher Brooks, PMP University of California
Academic Program Manager & Software Engineer US Mail: 337 Cory Hall
CHESS/iCyPhy/Ptolemy/TerraSwarm Berkeley, CA 94720-1774
c...@eecs.berkeley.edu, 707.332.0670 (Office: 545Q Cory)
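
The header observation in the message above (a From: address in the campus domain while the Received: lines name outside machines) can be checked mechanically. The following is an added example, not part of the original thread; the domains university.example and bulkmail.example, the sample message, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. university.example stands in for the campus domain and
# bulkmail.example for an outside sender; all hosts and addresses are invented.
SAMPLE = (
    "Received: from mta7.bulkmail.example (mta7.bulkmail.example [203.0.113.25])\n"
    "\tby mx1.university.example with ESMTP; Tue, 19 Jan 2016 10:02:11 -0800\n"
    "Received: from app3.bulkmail.example (app3.bulkmail.example [203.0.113.9])\n"
    "\tby mta7.bulkmail.example with ESMTP; Tue, 19 Jan 2016 10:02:09 -0800\n"
    'From: "Training Office" <training@university.example>\n'
    "To: staff@university.example\n"
    "Subject: Required training\n"
    "\n"
    "Please log in to begin.\n"
)

# Hostname following "from" (sending side) or "by" (receiving side) in a Received header.
HOP_RE = re.compile(r"\b(from|by)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain (label-boundary match)."""
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Compare the From: domain with the hosts recorded in the Received: chain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []  # oldest hop last, because each relay prepends its header
    for hdr in msg.get_all("Received", []):
        found = {k.lower(): v.lower() for k, v in HOP_RE.findall(hdr)}
        hops.append((found.get("from"), found.get("by")))
    origin = hops[-1][0] if hops else None
    outside = [h for h, _ in hops if h and not in_domain(h, domain)]
    return {
        "from_domain": domain,
        "origin": origin,
        "outside_senders": outside,
        # Triage signal only: Received lines added before the recipient's own
        # servers can be forged, and legitimate third-party senders also trip it.
        "mismatch": bool(domain and origin) and not in_domain(origin, domain),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
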