Original Phishing Message

NOTE: If you received this message, please simply delete it and do not click on the link. This email is NOT legitimate.

Tips for Detection

• Notice the maroon caution banner prepended to the message. This indicates the message matches patterns of previous phishing attempts.
• Legitimate emails about your Puget Sound account will generally come from an @pugetsound.edu address. This message came from rasha[@]hammad[.]com.
• Notice the sense of urgency in the wording “avoid login interruption” and “required now”. Be cautious as many phishing emails contain a false sense of urgency.
• Always hover over links! In this case, the hyperlink appears to go to a pugetsound.edu site. However, if you hover over it, you will see that it would actually take you to the website https://prestadores[.]oftalmed[.]pt/office47/new/index.html.

Where Did the Link Lead?

The link led to a website https://prestadores[.]oftalmed[.]pt/office47/new/index[.]html designed to steal your Puget Sound username and password. Never enter your credentials on sites you do not recognize.

Text of Phishing Message

From: rasha[@]hammad[.]com
Subject: Email maintenance

Your UPS UNIVERSITY EMAIL account settings are out-of-date. To improve all student/faculty/staff account user experience, privacy policy update is required to avoid login interruption.

Privacy Policy Action Required Now

Visit [link removed]