Tips for Detection

  • Though the email display name contains “pugetsound.edu”, the sending address is customservice[@]untungpcv.com
  • The text of the subject line does not make much sense and could be a bad translation
  • The body of the email also contains grammatical errors
  • Technology Services does not allow users to release messages from quarantine
  • Hovering over the “Release Emails” link reveals a suspicious website. Remember to look at the last portion of the address before the first single / to find the actual domain the website is hosted on. In this case, it is nulledfiles[.]net.
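
The sender check and the link check from the list above, written out as an added Python example (not part of the original alert). Only the two domains come from the alert; the display-name wording, the subdomain and the URL path in the samples are constructed, and the two-label domain rule is a simplification.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "pugetsound.edu"

# Constructed samples: only the sender address and nulledfiles[.]net are from
# the alert. The display name, subdomain and path are invented for illustration.
SAMPLE_FROM = '"pugetsound.edu Quarantine" <customservice[@]untungpcv.com>'
SAMPLE_LINK = "https://pugetsound.edu.mail-release.nulledfiles[.]net/release?id=1"


def refang(value):
    """Undo the [.] and [@] defanging used in write-ups so the value parses."""
    return value.replace("[.]", ".").replace("[@]", "@")


def base_domain(host):
    """Return the last two labels of a host name.

    Simplification (assumption): a production check would consult the Public
    Suffix List so that suffixes such as co.uk are handled correctly.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_message(from_header, link):
    """Return a list of findings for one From header and one link target."""
    findings = []

    # Tip 1: the display name is free text; only the address shows the sender.
    display, address = parseaddr(refang(from_header))
    sender = base_domain(address.rpartition("@")[2])
    if ORG_DOMAIN in display.lower() and sender != ORG_DOMAIN:
        findings.append(f"display name mentions {ORG_DOMAIN}, sender is {sender}")

    # Tip 5: the hosting domain is the end of the host name, before the first /.
    host = urlsplit(refang(link)).hostname or ""
    target = base_domain(host)
    if target != ORG_DOMAIN:
        findings.append(f"link is hosted on {target}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_LINK):
        print(finding)
```

The constructed link starts with pugetsound.edu on purpose: a check that only looks at the beginning of the host name would pass it, while the end of the host name shows where it is really hosted.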

Original Phishing Message

Text of Phishing Message

Quarantine Notification

This email is to inform [username]@pugetsound.edu
That few of your new messages have been prevented. You can view and choose what you want them to be placed at.
Severity : High !
Time : 6:13:33 PM , Wednesday, September 23, 2020

Release Emails

Microsoft | Support | Policy

ALl Rights Reserved