Original Phishing Message

Note: If you received this message, simply delete the message as it is not legitimate. Do not open the attachment or supply credentials.

Tips for Detection

• Always check the sender’s email address! Though the display name says “Pugetsound”, the message was sent from an @califacoustics.com email address.
• Notice that in both the display name and subject line, Puget Sound is written as “Pugetsound” which is atypical when referring to the university.
• The inclusion of a Puget Sound logo in an email does not necessarily mean the email is legitimate. Our logo can easily be found on our public website and misused by attackers.
• Technology Services does not currently offer any fax to email service. If you receive any emails about a new faxed document, it is most likely not legitimate.
• This email contained an attachment with a .htm file extension. Generally, use caution with attachments that are .htm or .html since attackers commonly use them to open fraudulent webpages in your browser to try to steal your credentials.

What was in the attachment?

The attachment did not contain any malware. However, it would have opened a webpage with a fake Microsoft Office 365 login page with your email address pre-filled. If you tried to sign in, your password would have been sent straight to the attacker who would then have access to your account. Note: if you entered credentials at this step, please immediately contact the Service Desk at x8585 as your account may be compromised.

Text of Phishing Message

From: katie[@]califacoustics[.]com
Subject: Progressive Billing #2 for Pugetsound

New Fax Received For [username]

You have a new fax document from (677) 677 – 5744.

Pages 2 Full scanned PDF.
Received 29, Jan 2021
Recipient [username]@pugetsound.edu

To view FAX messages, open the attachment and login with your office email to authenticate viewer and enable instant access to all your fax messages on the go.