Original Phishing Message

Tips for Detection

• The sending email address is svc-ub-dmp[@]tu-berlin.de.
• Technology Services will not ask you to click a link in an email to keep your password.
• The text of the email contains many extra characters between letters. This method is typically employed to avoid detection by spam filters that look for specific suspicious keywords.
• The link goes to http://www[.]pugetsound086pugetsound[.]gslkorea[.]com which is NOT a Puget Sound site. Authentic Puget Sound sites will end in pugetsound.edu before the first slash /.

Text of Phishing Message

Message is from Pugetsound Office 365

Your password on [username]@pugetsound.edu has expired today and would be blocked anytime. You are advised to keep same password using below button to avoid loosing your data.

KEEP SAME PASSWORD [link removed]

Do Not Reply
One MicroQuick Way
Redmond, WA