weird message from secretary wanting me to buy party and office supplies??

[Aster]

Background: Our institution is in summer mode, which means that most professors are away until next Fall. And with COVID, most of the summertime professors are also away and teaching remotely. We also have lost most  of our senior administrators and their administrative secretaries within the last year, and are just in the last few months or so of hiring new replacements. So most everybody is brand new.

So today I'm casually checking my office email from home, and there is a semi-spammed message from one of the new administrative secretaries. She's telling me that there's a party scheduled for the new dean in a few days, with food and drinks (during COVID?!!). Now mind you, our campus is in a high-COVID area, our area vaccination rates are not the best, and we have strict social distancing and mask mandates in place. So it's pretty nuts to me that the secretary has scheduled an office party. Honestly, assuming that our professors are even checking their summer emails, I doubt that few would be coming onto campus except for mission critical tasks.

So that's the party notification. It's pretty weird in itself. Now it gets even kookier. The semi-spammed email includes a listing of party supplies that are needed. This includes foods, drinks, eating utensils, paperware, and decorations. Some of the decorations are pretty outlandish, like *college graduation* level of outlandish.  We're talking floral displays, centerpieces, banners and posters, the whole works. I am not sure why the college is not paying for any of this, or if it is, why we are all being emailed this list of party supplies so that it looks like we're supposed to shop and buy these supplies.

Now, also embedded in the list of party supplies for us to purchase are several kitchen appliances. Yes, you heard that right. Kitchen appliances. Like, a microwave oven and other stuff in that price range. From what I can see of the list of kitchen supplies, it looks like somebody is wanting to buy a full office kitchenette appliance suite with everything included except the refrigerator. WTF??

I have worked in Higher Education for over 20 years, and I have never seen anything like this. I am literally looking at an email asking professors and staff to personally purchase office and party supplies for a party for an incoming dean. And during the summer when nobody is on campus. And during COVID.

The email is semi-spammed. There is little advance notice of the party. I do not know any of these people. I am not planning on going to campus when this party is scheduled. I am certainly not comfortable attending such a party even if I was on campus (I certainly would not be eating and drinking at it). And I am certainly not going into town to shop for and purchase party decorations and a kitchen appliance out of my own money. That is just... bizarre and completely inappropriate.

Has anyone here ever heard of anything like this? How would you respond?

[arcturus]

This sounds like a phishing email. If you were to reply to the message, it is likely that the response would be something along the lines that if it was too difficult for you to purchase the items yourself, a contribution through a gift card would be an acceptable alternative.

I have received phishing email that was nominally from my department chair, where they had copied the department web page contact information as the signature line, so it looked official, and used an email address that was similar, but not identical to the university email. At the time, the standard hook was something along the lines 'I am running late, could you do me a favor.' Which was then followed by the request for gift cards (for an ostensibly reasonable purpose).

Just delete and move on.

[sinenomine]

Agreed with the reply above — it's a scam email.

[Puget]

This sounds like a phishing email. If you were to reply to the message, it is likely that the response would be something along the lines that if it was too difficult for you to purchase the items yourself, a contribution through a gift card would be an acceptable alternative.

I have received phishing email that was nominally from my department chair, where they had copied the department web page contact information as the signature line, so it looked official, and used an email address that was similar, but not identical to the university email. At the time, the standard hook was something along the lines 'I am running late, could you do me a favor.' Which was then followed by the request for gift cards (for an ostensibly reasonable purpose).

Just delete and move on.

Yep, that phishing attack has hit our campus multiple times as well-- it is very common. Just delete the email and don't click on any links! Report it to your IT office.

[Ruralguy]

Since you probably wouldn't partake in this anyway, don't reply.

If you think it might be phishing, and I agree that it seems possible, send it to IT with your suspicions. 

[jerseyjay]

I would report it to the IT for two reasons:

1. It most likely is a phishing attempt and IT should know about it to take appropriate steps;

2. In the rare chance it is real, the IT department would probably indicate so.

As I noted on an earlier thread, my administration is in the habit of making us take annual online training (what to do in the case of a mass shooting, title IX, etc), which are contracted out to third party vendors who send fishy (phishy?) emails requesting login credentials, etc. I almost always report these, and I get a curt reply from IT telling me they are legitimate. So if this is real, presumably the IT department will tell you.

[Morden]

Our IT department sends out "training" phishes periodically. If you report, you get praised; if you ignore, life continues as before; if you click, you get to take more training.

[mamselle]

Report it.

If it's real, some admin somewhere needs to be instructed about proper protocols and prevantatives under the current circumstances.

If it's phishing, IT needs to know about it ASAP (because SOMEONE WILL open it and let the bad bugs into the IT system if it's not stopped).

Just don't open it. Forward to IT unopened.

Oh, wait, you opened it already. Well, yeah, don't click on anything or answer it. Just forward it.

M. 

[Ruralguy]

Usually if something is a Phishing attempt at my school, IT sends out a warning within a few minutes of it being sent out.

If the email is a school email and the individual is in the directory, its probably real.
But who cares? Do you normally reply to summer emails about parties? I more or less ignore those.

[Aster]

Thank you for the replies. I have reported the email as phishing to our IT department. If this is a phishing attempt, it's a very good one.

If it's not phishing, our new secretarial staff will be needing no small amount of training in things to not do at a public university.

[downer]

It's generally sound practice to forward any message from a university administrator asking for informaion to IT and label it as a phishing attempt. Then delete the email.

[euro_trash]

I'd ignore it