Original Phishing Message
NOTE: If you received this message, please delete it as it is NOT legitimate. If you clicked the link and entered any information, please contact the Service Desk as your password may be compromised.
Tips for Detection
- Notice the maroon caution banner prepended to the message.
- This message came from Artlon.Ruiz[@]sweetwaterschools[.]org. Legitimate messages about payroll will come from Human Resources with an @pugetsound.edu address.
- Notice the various grammatical (e.g. “Employee’s”) and wording oddities (e.g. “follow on-screen directive .”).
- The link goes to an online form. Never enter your password on online forms – many attackers utilize legitimate form building services such as Google Forms/Microsoft Forms/JotForm. Even though the site is legitimate, submitting information on these forms goes back to the creator of the form – in this case, cybercriminals.
Where Did the Link Lead?
The link led to an online form asking for your account credentials.
Text of Phishing Message
From: Artlon.Ruiz[@]sweetwaterschools[.]org
Subject: Re: August Payroll-Verification !
All Staff/Employee’s
The Finance and Accounts Unit wishes to advise that payroll will be early for the month of August.
As such, the Finance and Accounts Unit (Payroll) is requesting that all staff /Employee Verification should be done:
Visit: access-payroll [link removed] and follow on-screen directive .
Payroll Account Department.
Copyright © 2022, All rights reserved