Original Phishing Message

Note: If you received this message, please delete it as it is not legitimate.

Where Did the Link Lead?

The link lead to a fake Outlook login page hosted on a form-hosting site.

Tips for Detection

• Note the maroon “Caution” banner appended to the top of the email. University emails will never have this banner attached.
• The sender is from outside the university — Tech Services emails will always come from an internal pugetsound.edu address.
• The email itself contains an incomplete sentence that is nonsensical. While we may make the occasional typo in our communications, at the very least the emails TS sends out will make sense. Pinky-promise.
• Double-check the link! The link is a bit.ly link that leads to an off-campus site. You can preview a hyperlink in Outlook by hovering your cursor over any link. Even if you clicked through, it should immediately look suspicious that you’re not on a proper Microsoft domain.
• Note the strange login. Normally, you will be asked for only your email to log in — it should raise red flags that this login is asking for both your User ID and email.

Text of Phishing Message

Also attached: A screenshot of the email itself to the email.

From: Mitchel Nicholson <nichomit[@]gvsu[.]edu>
Sent: Monday, February 28, 2022 5:03 AM
Subject: Maintenance Status Update

Your mailbox storage has reached 99% on the email server. Visit office[/]information[-]technology[-]help[-]desk and login to adjust and maintain your Mailbox storage.

Will not be available for your utilization.

IT Help Desk