Tips for Detection
- Though the email display name contains “pugetsound.edu”, the sending address is customservice[@]untungpcv.com
- The text of the subject line does not make much sense and could be a bad translation
- Body of email also contains grammatical errors
- Technology Services does not allow users to release messages from quarantine
- Hovering over the “Release Emails” link reveals a suspicious website. Remember to look at the last portion before the / for the actual domain the website is hosted on. In this case, it is nulledfiles[.]net.
Original Phishing Message
Text of Phishing Message
Quarantine Notification
This email is to inform [username]@pugetsound.edu
That few of your new messages have been prevented. You can view and choose what you want them to be placed at.
Severity : High !
Time : 6:13:33 PM , Wednesday, September 23, 2020
Release Emails
Microsoft | Support | Policy
ALl Rights Reserved