I just went through renewal and had contact from several consultants and 
"Microsoft" people (who are actually contractors).  Several claimed to have 
been "trying to contact me", when I had no messages from them.

In the past, I simply reviewed the information that our vendor sent me, 
increased or decreased license counts, added needed CALS or servers, and was 
done.  This time it took several conference calls with 5-6 people, some with 
MS, some consultants, plus my vendor (Dell).  Numerous emails to repeat 
information already given to someone else, two people wanting to provide 
"services" and wanting access to our system to run inventory tools.  It was a 
terrible experience and I hope they get their act together.

BF

From: Jonathan Link [mailto:[email protected]]
Sent: Wednesday, March 28, 2012 8:46 AM
To: NT System Admin Issues
Subject: Sophisticated Phishing attempt?

I received an email purporting to be from Microsoft about a Software Asset 
Management (SAM) license review (headers looked like it came from MS, but I'm 
not an expert).  They indicated that they were trying to contact me this week 
(it was sent on Tuesday, and the only prior contact was a misdirected phone 
call into one of our director's voicemail[1]).

It includes 2 PDFs, one appears to be a report with our name on it, VLPS 
Report, and it appears to have some correct information as to the customerID.  
There's a deployment summary spreadsheet and a USA FAQ 2012.pdf.  Included in 
the email are some instructions, a suggestion to use the Microsoft Assessment 
and Planning Toolkit to help complete the tasks.  It includes an email address 
for [email protected] or to contact another 
person at Microsoft.

The person's display name for contacting me is foreign and has (Accenture) in 
parentheses.  It comes from a microsoft.com email 
address, however a reply back to that address generated an access denied NDR, 
but a reply to the other individual did not.  I haven't received an email (I 
also forwarded the email to the other address) in response, and I would have 
expected a faster turnaround.  The email address did contain a phone number, 
however that phone number, according to 800 notes, has been used in several 
scams in the past, trying to trick people into giving bank account information 
to receive a government grant.  A physical address is given, but it is the 
address to the Microsoft campus in Redmond.

So, I cautiously viewed the documents on my iPhone.  One document, our apparent 
licensing report, appears entirely legitimate.  I have had a weak password on 
the eopen site for a while, just hadn't bothered changing it.  Second PDF (USA 
FAQ 2012[2]) is not viewable on my iPhone, it just displays whitespace, as does 
the Excel file.  I'm going to take them to a sandboxed computer to view them 
later.  They also want information returned by April 16th.

My other concern is some limited googling has suggested that this might be 
legitimate, that Microsoft has engaged third parties to do this, and that 
there are variations of this process, but those could be cleverly built forums 
with shills indicating the process is legit, so I turn to this list for advice. 
 In the body of the email there aren't any instructions on where to send the 
information.  If the sender can only send email, having another address to 
receive this information seems to be necessary.


[1] The voicemail was extremely static laden and had several gaps in it.
[2] That's a poorly named FAQ and about the only poorly phrased or worded item 
in the email.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]
with the body: unsubscribe ntsysadmin
