Original Phishing Message
Note: If you received this message or a similar one, please delete it and do not click on any links. The message is NOT legitimate.
Tips for Detection
- Notice the maroon caution banner prepended to the message. Messages with this banner match previous phishing attempts.
- Technology Services will not ask you to click on a link to update your email.
- Notice the reference to “Pugetsound University” instead of “University of Puget Sound”.
- Always hover over hyperlinked text. This one was tricky because the link text appeared to go to a pugetsound.edu website. However, hovering over the link reveals that it would actually go to https://www[.]cognitoforms[.]com/elizabethphanllc/maintenanceupdate or https://7a815daf[.]sibforms[.]com/.
Where Did the Link Lead?
Note: If you entered your credentials on this form, please call the Service Desk as soon as possible at 253-879-8585 (option 2) as your password is compromised.
The link led to a fake form intended to steal your credentials: https://www[.]cognitoforms[.]com/elizabethphanllc/maintenanceupdate. Never enter credentials on web forms or on sites you do not recognize.
Text of Phishing Message
From: akhanna5[@]lion[.]lmu[.]edu OR hamj[@]gvsu[.]edu
Subject: Maintenance
PUGETSOUND UNIVERSITY/Office365 service is currently undergoing scheduled maintenance on our mail servers due to high levels of queued emails.
All users are mandated to complete this update.
https://www[.]pugetsound[.]edu/technology-support/help-support [LINK REMOVED]