Original Phishing Message

Note: If you received this message, please simply delete it as it is NOT legitimate. Do not click on links or provide any personal information.

Where Did the Link Lead?

The link led to a fake Microsoft sign in page. Always double check the URL and do not enter your credentials on sites you do not recognize. In this case, confirmsubscription[.]com/h/y/646E2964329AACD9.

Tips for Detection

• Note the maroon warning banner appended to the top of the message. This is a caution sign that the email you’re viewing is not from another Puget Sound staff, faculty, or student account.
• The sender is not from the University — HR outreach, COVID-related aid packages, and other official University functions will always come from a pugetsound.edu email address.
• Check the link. The Microsoft sign-in page shown is not on a Microsoft site, but rather a shady looking “confirmsubcscription[.]com,” which should raise plenty of flags. Hover over the button or hyperlink in the email to see where the link leads before clicking.

Text of Phishing Message

From: mechelle[@]mrrubbishman[.]com
Subject: Covid-19 Benefits

In response to the current hardship in the community due to the COVID-19 pandemic, the Employee Assistance Program has decided to support students and employees.

The Employee Assistance Program will pay $4,500 to all eligible students & employees, as COVID-19 support, starting from, Thursday, February 04, 2022.

Visit the Employee Benefits [link removed] page and login with your school email to submit your application.

Note: The Employee Benefits Program is available to all students and employees.

Sincerely,

COVID-19 Support Team

Employee Assistance Program