Original Phishing Message
Note: If you received this message, you can simply delete the email. It is not legitimate. Please do not click any links.
Tips for Detection
- Note the “Caution” banner prepended to the message. This banner is added by Technology Services on messages that match patterns of previous phishing attempts.
- Technology Services will never ask you to click a link to release pending or quarantined emails.
- The sender’s email address is not an @pugetsound.edu address.
- The “Date” column in the email is in DD/MM/YYYY format which is unusual here.
Where did the Link Lead?
Remember, webmail.pugetsound.edu is Puget Sound’s site to access email.
The link in this phishing email led to a fairly convincing fake sign in page that utilized Puget Sound logos both in the page and in the favicon (image displayed on browser tab). It prefilled the email address of the recipient.
The URL https://secure-vfy[.]fun/upd is a giveaway that the site is fraudulent. Note: If you entered credentials on this page, please immediately contact the Service Desk and change your password as your account is likely compromised.
Text of Phishing Message
From: info[@]srv-admin[.]online
Subject: You have (6) Messages Pending Delivery On Your Mailbox
From pugetsound.edu Server Admin
You have six (6) messages pending on your e-mail portal since morning the Tuesday, March 2nd, 2021 proceed message portal or open each subject to release message online.
User ID: [username]@pugetsound.edu
| Subject | Recipient | Date |
| Pending RE: Request for quotation BR739404n | To: [username]@pugetsound.edu | 02/03/2021 |
| Pending: Fw: Payment_Notificat ion.pdf | To: [username]@pugetsound.edu | 02/03/2021 |
| Pending: Signed contract; Review and send back | To: [username]@pugetsound.edu | 01/03/2021 |
| Pending: RE: Statement | To: [username]@pugetsound.edu | 27/02/2021 |
| Pending: RE: Payment Confirmation | To: [username]@pugetsound.edu | 26/02/2021 |
| Pending: RE: Inquiry From Pick&Pay | To: [username]@pugetsound.edu | 26/02/2021 |
- Authorize Delivery for pending mails [link removed]
- Report Error To IT Help Desk [link removed]
You will receive pending emails after successful login via portal as we apologize for the inconvenience.
Message Encrypted by pugetsound.edu © All Rights Reserved. | If you do not wish to recieve this message Unsubscribe.