
SoylentNews is people

posted by LaminatorX on Wednesday March 05 2014, @06:30PM
from the It's-a-trap! dept.

dotdotdot writes:

"I am the IT guy for a small business with about 20 users. We use Microsoft Windows and Office, and I regularly audit our Microsoft volume license usage to make sure we are compliant.

I received an email from Accordo Group Ltd about a Microsoft Volume License Software Asset Management (SAM) License Review. The introduction letter stated, 'Microsoft would like to work with your company to review all Microsoft software products in use throughout your organization. This review process will be undertaken with all customers over a period of time and is intended to help you control your software assets.' The email and all the attachments were written as if they were from Microsoft, not Accordo. My first and last name, as well as the name of my company, were all misspelled.

So this is what I would like to ask SN:
Has anyone else had to deal with this? Are they just phishing for people who will agree to this?"

  • (Score: 4, Informative) by dotdotdot on Wednesday March 05 2014, @07:28PM

    by dotdotdot (858) on Wednesday March 05 2014, @07:28PM (#11477)

    This is from the FAQ that was attached to the email:

    What happens if I don't complete the information?

    We hope that most of our customers will work proactively with us to ensure a compliant licensing position. However, given the great emphasis Microsoft places on protecting its intellectual property, for those organizations that don't wish to engage in this process, a more formal communication may be made with respect to our licensing rights and your organization's obligations under your Microsoft license agreements.

    "A more formal communication" sounds scary! ;)

  • (Score: 4, Insightful) by bucc5062 on Wednesday March 05 2014, @08:01PM

    by bucc5062 (699) on Wednesday March 05 2014, @08:01PM (#11493)

    On the other hand, a more "formal" communication may have more validity in the form of a registered letter. I would think it a valid defense to say, "I got an unsecure email asking for key information with no way to verify. I did the proper thing and deleted it to avoid any data or system corruption or criminal malfeasance."

    Or something like that.

    The more things change, the more they look the same
    • (Score: 3, Interesting) by frojack on Wednesday March 05 2014, @08:25PM

      by frojack (1554) on Wednesday March 05 2014, @08:25PM (#11502) Journal

      Had dotdotdot been running a properly configured spam filter he would never have seen this message, so you have to assume 95% of the time the company never hears back from the target of this implied threat.

      The translation of that phrase amounts to:
      If you ignore our spam we may have to actually spend 49 cents and send you junk mail via the post office. Registered? Highly unlikely. That costs real money, about 6 bucks.

      No, you are mistaken. I've always had this sig.
  • (Score: 2, Interesting) by neagix on Wednesday March 05 2014, @10:26PM

    by neagix (25) on Wednesday March 05 2014, @10:26PM (#11554)

    Completely ignore them, do the audit yourself, make a report about which licenses you need to buy to have everything compliant.

    At this point:
    1) keep this report alive for your internal awareness, and keep it updated -OR-
    2) buy all the missing licenses -OR-
    3) plan if you can cut some licensing costs by dismissing unused applications and/or replacing them with open source software

    And keep in mind that jerks usually come in waves, but you need to hand them the keys of your business to let them in. In most countries only police forces - when authorized by a judge - can break into a building.

    • (Score: 1) by goodie on Thursday March 06 2014, @12:41AM

      by goodie (1877) on Thursday March 06 2014, @12:41AM (#11628) Journal

      I'd tend to agree with this! If you are not legit you should be. That being said, a quick search seems to point at several people reporting audits from that company in Australia or New Zealand (see for example a company called Veridan talking about Accordo).
      In any case, they are listed under the Microsoft Software Asset Management website ( rdo-Group-4295754790/appsandservices?LocId=2937113 39324454/ ) although I'm not sure I'd still give them any credit at this point.

      I would ignore this and wait for a follow-up on their part, and then if that ever comes, I'd ask to be contacted by someone from MS to validate the authenticity of their claims (can never be too sure these days with all phishing attempts people do ;) ). Either way I'd never just let someone in like that, you may have very sensitive information on your IT assets and not be willing to let strangers barge in and have access to them, plant malware etc.

      Interestingly, from looking at the MS website and that company's own website, I fail to see where they have any rights to perform these kinds of things for a publisher. It sounds more like engaging customers into an expensive audit and licensing/marketing upgrade process to shell out some cash, probably some of which goes back in their own pocket. They certainly don't describe themselves as the software audit police or something...

      For all you know, they send this bullshit letter to about 100 companies every month and hope to get paid for their audit by MS if they are paid on commission or something (that is, if they do prove to be legit to begin with...).

  • (Score: 1) by artman on Thursday March 06 2014, @02:09AM

    by artman (1584) on Thursday March 06 2014, @02:09AM (#11657)

    You stopped one word short

    "A more formal communication may be made"

    No Sig for me Thanks