cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Viewer III

Genuine or phishing attempt?

I received this email earlier today from donotreply@isc2.brightspace.com. Is this a genuine isc2 communication?

 

You have been enrolled in D2L Support - D2L Support for ISC2 - International Information System Security.

To access D2L Support - D2L Support, log into ISC2 - International Information System Security using your username myemail and password, then select D2L Support from your list of courses.

16 Replies
Advocate I

Re: Genuine or phishing attempt?


@RobEllis wrote:

I received this email earlier today from donotreply@isc2.brightspace.com. Is this a genuine isc2 communication?

 


Rob,

Probably not phishing or spam, since Brightspace appears to be the course management contractor for (ISC)2, operating the web site learn.isc2.org . Other threads relating to posting CPE based on (ISC)2 courses or registering for (ISC)2 courses have mentioned Brightspace. Linking to their home page at www.brightpace.com redirects to and lands on www.d2l.com

 

With the major overhaul of the set of (ISC)2 web sites last year, to include creation of this Community, (ISC)2 set up a relatively complex set of multiple contractor companies running separate domains and supporting the cross linking. Thus, www.isc2.org, cpe.isc.org, community.isc2.org,  and learn.isc2.org, are each run separately, with all of them using isc2org.okta.com as a single sign-on manager across all of those sites.

 

The challenge that (ISC)2 has not adequately solved is how to manage e-mail sent from each of those separate companies. Apparently, Brightspace has not been authorized to use the main (ISC)2 mail server to send out their mail related to learn.isc2.org. A large number of enterprises have set up the same problem by using a mass mail manager such as Constant Contact for marketing and awareness e-mail campaigns.  

 

Dr. D. Cragin Shelton, CISSP
CraginS@gmail.com
https://CraginS.blogspot.com/
Newcomer I

Re: Genuine or phishing attempt?

I received the same and when I hover over the link it seems proper but of course I did not click on it. I instead logged in and checked out my learning. Nothing there but a GDPR course. I suspect we will be getting a "Sorry you inadvertently received an email" email soon.
Newcomer III

Re: Genuine or phishing attempt?

That’s probably the best thing to do and a good tip as well. Never click a link. Go to the website itself and check.
Moderator

Re: Genuine or phishing attempt?

@RobEllis Thank you for reaching out to us regarding the registration into the D2L Support course.

This is not a phishing email; however, the registration/email was sent by error. Please disregard. We apologize for any confusion.

 

Best Regards,

Amanda Vance

 

Advocate I

Re: Genuine or phishing attempt?


@CraginS wrote:
www.isc2.org, cpe.isc.org, community.isc2.org,  and learn.isc2.org, are each run separately ... The challenge that (ISC)2 has not adequately solved is how to manage e-mail sent from each of those separate companies. 

 

Bottom line is that we need to simultaneously need to ensure 3rd parties should not be able to send mail that is indistinguishable from our corporate email, but that their emails "look legitimate".

 

Our messaging guy worked out a solution to this.  We ask Brighttalk to send emails from something@learn.isc2.org and then we add their mail settings (MX, SPF, etc) to the learn.isc2.org DNS entry itself.  This allows the Brighttalk emails to pass both smell and validation checks.  It also prevents Brighttalk from forging our CEO's emails.  If replies need to go somewhere reasonable, we ask they include a message header "reply-to: member-support@isc2.org".

 

 

Highlighted
Advocate II

D2L?

I have been enrolled in the online course for D2L Support!  Lucky me!

 

Trouble is, I didn't ask to be enrolled.  I just got a notification that I was enrolled.  In fact, until a few minutes ago, I had no idea what D2L was, let alone want to support it.

 

It seems to be related to BrightSpace, those brightsparks who provide the infrastructure for the ISC2 courses on GDPR (complete with large sets of errors) and what to do if someone is actively shooting at you.  (Duck?)  D2L seems to list itself as a separate company, though, aka Desire2Learn, so maybe it is an infrastructure behind the infrastructure.  (It does seem to have some connection with various colleges.)

 

Anybody else?


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Viewer III

Re: Genuine or phishing attempt?

Thanks for confirming Smiley Happy

Community Manager

Re: D2L?

Hello @rslade

 

I believe you are talking about the same things as this thread in the community here: Genuine or phishing attempt?  There was an email sent in error from D2L, we apologize for any inconvenience this may have caused. Our teams are looking into it; however, you can disregard the email at this time. 

 

If you confirm that this is the same, I can merge the two posts together in the Community. 

 

 

Thanks, 

 

Samantha O'Connor
(ISC)² Online Community Manager
Advocate II

Re: D2L?

Ah.  Yeah, probably.

 

Herewith the full text with headers:

 

Return-Path: donotreply@isc2.brightspace.com
Received: from mi06-ssvc.dcs.int.inet (LHLO mi06.dcs.int.inet)
 (10.0.141.211) by cds130.dcs.int.inet with LMTP; Wed, 7 Nov 2018 17:12:34
 -0700 (MST)
Received: from us04psmtp.brightspace.com ([34.192.219.221])
    by cmsmtp with ESMTP
    id KXw0g39L585hUKXw2g4wfs; Wed, 07 Nov 2018 17:12:34 -0700
X-Authority-Analysis: v=2.3 cv=c5t6vi1l c=1 sm=1 tr=0
 a=s7ttwxT6BZOTtU1gLNnecA==:117 a=s7ttwxT6BZOTtU1gLNnecA==:17
 a=IkcTkHD0fZMA:10 a=JHtHm7312UAA:10 a=kp2It1cLG0kA:10 a=bec8-HjUAAAA:8
 a=_Dj-zB-qAAAA:8 a=9dNCaxv6scXIjPRefXoA:9 a=QEXdDO2ut3YA:10
 a=uqhqpWusF5nysF070nEo:22 a=c-cOe7UV8MviEfHuAVEQ:22 awl=host:2067
Received: by us04psmtp001b.aue1.int.d2l (Postfix, from userid 1001)
    id 717B6436F2; Thu,  8 Nov 2018 00:12:32 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    us04psmtp001b.aue1.int.d2l
X-Spam-Level:
X-Spam-Status: No, score=-1.8 required=8.0 tests=ALL_TRUSTED,BAYES_00,
    HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY autolearn=no
    autolearn_force=no version=3.4.0
Received: from isc2.brightspace.com (us04pmail002a.aue1.int.d2l [172.27.2.230])
    by us04psmtp001b.aue1.int.d2l (Postfix) with ESMTP id 64322423C9
    for <rmslade@shaw.ca>; Thu,  8 Nov 2018 00:12:29 +0000 (UTC)
Authentication-Results: us04psmtp001b.aue1.int.d2l; dmarc=none header.from=isc2.brightspace.com
Received: from US04PWC007AA37 ([172.27.26.195]) by isc2.brightspace.com with Microsoft SMTPSVC(8.5.9600.16384);
     Thu, 8 Nov 2018 00:12:29 +0000
To: <rmslade@shaw.ca>
From: "learn@isc2.org" <donotreply@isc2.brightspace.com>
Message-ID: <8f73e6ea5b4f419099f59de9b4109066@isc2.brightspace.com>
Date: Thu, 08 Nov 2018 00:12:29 +0000
Subject: D2L Support - D2L Support: Enrollment Confirmation ISC2 - International Information System Security
MIME-Version: 1.0
Content-type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 08 Nov 2018 00:12:29.0619 (UTC) FILETIME=[BCBE8830:01D476F7]
X-Virus-Scanned: clamav-milter 0.99.3 at us04psmtp001b
X-Virus-Status: Clean
X-CMAE-Envelope: MS4wfM2Gt9E4nziHuK6Op3MAKSx7jVLN1Dp1ORO4V5Ou+WS0nt0RTTjO7iIeIKDnEQW65nHJmvpckZAKxq4SlrHzYUnKmswmuIsAkZSSeUpuDK8ZLpuJLI+v
 lMdJDeBsZEFAgNVEErXIFk/HMBzyQhBr6K0neg3OngxnjQVTd21qwGVQNsGP/L6XLLuauz93iPiV9+BZ/9IeQOc7VgfFXjKHl+o=
X-Antivirus: Avast (VPS 181108-4, 11/07/2018), Inbound message
X-Antivirus-Status: Clean
X-PMFLAGS: 34079360 0 1 P777F0.CNM

Hi Robert,You have been en= rolled in D2L Support - D2L Support for ISC2 - International Inf= ormation System Security=2ETo access D2L Support - D2L Suppor= t, log into ISC2 - International Information System Security using your username rmslade@shaw=2Eca and password, then selec= t D2L Support from your list of courses=2E Sent: Wednesday, N= ovember 7, 2018 7:12 PM EST


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468