Had similar contact also. I have been contacted via email and phone from someone in North Dakota about licenses several times and it was always the same guy. It was a bit fishy at first, but further dealings with my MS vendor communicating with him showed him to be legit. He was just informing me about renewals and never attempted to get me to renew thru him but rather with my vendor and had the names of the previous vendors.
From: Jonathan Link [mailto:[email protected]] Sent: Wednesday, March 28, 2012 8:01 AM To: NT System Admin Issues Subject: Re: Sophisticated Phising attempt? [2] The poorly named FAQ IS about the only poorly phrased or worded item in the email. On Wed, Mar 28, 2012 at 8:45 AM, Jonathan Link <[email protected]<mailto:[email protected]>> wrote: I received an email purportedly to be from Microsoft about a Software Asset Management (SAM) license review (headers looked like it came from MS, but I'm not an expert). They indicated that they were trying to contact me this week (it was sent on Tuesday, and the only prior contact was a misdirected phone call into one of our director's voicemail[1]). It includes 2 PDFs, one appears to be a report with our name on it, VLPS Report, and it appears to have some correct information as to the customerID. There's a deployment summary spreadsheet and a USA FAQ 2012.pdf. Included in the email are some instructions, a suggestion to use the Microsoft Assessment and Planning Toolkit to help complete the tasks. It includes an email address for [email protected]<mailto:[email protected]> or to contact another person at Microsoft. The person's display name for contacting me is foreign and has (Accenture) in parentheses. It comes from a microsoft.com<http://microsoft.com> email address, however a reply back to that address generated an access denied NDR, but a reply to the other individual did not. I haven't received an email (I also forwareded the email to the other address) in response, and I would have expected a faster turnaround. The email address did contain a phone number, however that phone number, according to 800 notes, has been used in several scams in the past, trying to trick people into giving bank account information to receive a government grant. A physical address is given, but it is the address to the Microsoft campus in Redmond. So, I cautiously viewed the documents on my iPhone. One document, our apparent licensing report appears entirely legitimate. I have had a weak password on the eopen site for a while, just hadn't bothered changing it. Second PDF (USA FAQ 2012[2]) is not viewable on my iPhone, it just displays whitespace, as does the excel file. I'm going to take them to a sandboxed computer to view them later. They also want information returned by April 16th. My other concern is some limited googling has suggested that this might be legitimate, that Microsoft has engaged in third parties to do this, and that there are variations of this process, but those could be cleverly built forums with shills indicating the process is legit, so I turn to this list for advice. In the body of the email there aren't any instructions on where to send the information. If the sender can only send email, having another address to receive this information seems to be necessary. [1] The voicemail was extremely static laden and had several gaps in it. [2] That's a poorly named FAQ and about the only poorly phrased or worded item in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
