Original Phishing Message

Tips for Detection

• Notice the “Caution” banner prepended to the message. This banner is added to messages that match patterns of previous phishing attempts.
• The link in the email leads to a phishing site webmailauth9172[.]com. Remember, webmail.pugetsound.edu is the URL to access your Puget Sound email.
• Technology Services will not ask you click a link in an email to “revalidate”, “relogin”, or “upgrade” your account.
• General tip: do not log in with your Puget Sound credentials on websites that do not end with “pugetsound.edu” as they may be phishing sites designed to steal your information.

Text of Phishing Message

Subject: Please relogin to [username]@pugetsound.edu
From: admin[@]amandaku[.]com, admin[@]loeliges[.]com, admin[@]cryptoincome[.]link

Hello,

Your email address ([username]@pugetsound.edu) is required to relogin today in order to mentain accurate server information. This is an automated process and should take only one minute, but it is mandatory within the next 24 hours.

Log In To Webmail [link removed]