People keep reporting emails that say something like:
Dear network user,
Your account has violated a quota and will be turned off.
To avoid this, email your login name and password to
Signed, wou.edu administrator
To us geek types, this is obviously a scam. I just keep getting reminded that other people don’t instantly spot this for what it is, even when it tells them to send their info to a non-WOU address. It can be even harder to spot when the From: address on the email is something like firstname.lastname@example.org, or the message tells you to go to a link that looks like it’s on our website but actually goes elsewhere.
So really what we need are some general rules of thumb. The first and most obvious is never, ever, ever, EVER put your password into an email message. Never. And did I mention never? Of course this means we UCS folks should never ask someone for their password except in person — we really don’t even want to get users in the habit of saying their password over the phone.
Another rule of thumb would be never trust emails from generic addresses. When we send messages out, they’ll have a specific name on them, not just “email@example.com” or some such.
If we agree on this among ourselves and communicate it to users, hopefully that’ll help everybody.
A few weeks ago, when Brian was on vacation, some of the rest of us had a communication breakdown about creating new user accounts, and several new employees had to wait entirely too long before they could log on. This was at least partially my fault.
Brian is going to be gone again next week, but this time we won’t have these problems because we’ve improved the process. First of all, we found out why most of the notifications were misrouted and fixed that. Also, I’ve added some more automation to the faculty/staff account creation system, so there’s less work to do. I can’t really talk about the details because that would mean giving out too many specifics about our servers, but several steps that formerly had to be done by hand now happen by themselves. The weird part was how easy it was to do, once we took another look at the process; once upon a time it had to be complicated, but thanks to various changes we’ve made in the last few years, a bunch of stuff was no longer needed.
Anyway it’s way the heck late at night and I need to get out of here. At least the prettymail stuff is working , um, pretty well. (Yeah, this is my 2AM sense of humor.)
Well, I just rolled out the new version. It’s been tested against all messages sent during the time we last tried this, and they all worked, but software releases don’t tend to survive contact with the users, so we’ll see what happens. Let’s just hope the bugs are tiny.