Original Phishing Message
From: Valentina Hernandez <ana[.]herediahernandez[@]austinisd[.]org>
Subject: EMPLOYEE ASSESSMENT ANALYSlS
Where did the link lead?
The link led to a form asking for your credentials. Never submit your credentials in an online form or on websites you do not recognize. Though Jotform is a legitimate site that allows individuals to create forms, the service can be maliciously used by attackers.
Tips for Detection
- Legitimate emails from Human Resources will generally come from an @pugetsound.edu email address. The sender’s email address is from an external domain.
- Does the sender work for the university? Are you expecting this email?
- Notice that the word “analysis” in the subject line is spelled “analysls” to likely avoid spam filter detection. Attackers commonly substitute lookalike characters or images to avoid text-based content filters.
Text of Phishing Message
From: Valentina Hernandez <ana[.]herediahernandez[@]austinisd[.]org>
Subject: EMPLOYEE ASSESSMENT ANALYSlS
Dear Employee,
We are pleased to announce that the Human Resources Department has finalized the performance assessment process for all employees. This is a significant milestone in our ongoing commitment to your professional development and growth within the organization.
Attached to this mail is your report, offering valuable feedback and insights regarding your performance. The report will outline your strengths, identify areas for improvement, and clarify our expectations for your future contributions.
CLICK HERE TO ACCESS REPORT
We encourage you to take the time to review your report thoroughly and address any questions or feedback with your manager.
Best regards,
HR DEPARTMENT.