Original Phishing Message

NOTE: If you received this message, please simply delete it as it is NOT legitimate. Do not click on the link.

Tips for Detection

• Emails containing threats to withhold payment or terminate your account and asking you to click a link to verify your email are generally not legitimate. A sense of urgency is common in phishing emails.
• Notice the maroon “Caution” banner prepended to the message. Messages with this banner match patterns of other phishing emails.
• The sender of this email it outside the university.
• Legitimate messages from Human Resources will come from an @pugetsound.edu address.

Where Did the Link Lead?

The link led to a fake Outlook Web App log in page on betimar[.]com/OWA/. Do not enter your credentials on sites you do not recognize. Remember, the website to log in to your Puget Sound email is webmail.pugetsound.edu.

Text of Phishing Message

From: sheree.henton[@]bisd[.]net
Subject: RE: Payroll Earning Statement

Your Earning Statement for the month of February is attached in the link below. All staff & employees are expected to verify their email account for a new payroll directory and adjustments for the month of February. Kindly Click Earning-Statement and complete the required directive to avoid ‘Hold’ of your benefit payment for February 2022.

Thank you,
Payroll Admin Department.