Original Phishing Message

Note: If you received this message or a similar one, please delete it and do not click on any links. The message is NOT legitimate.

Tips for Detection

• Notice the maroon caution banner prepended to the message. Messages with this banner match previous phishing attempts.
• Technology Services will not ask you to click on a link to update your email.
• Notice the reference to “Pugetsound University” instead of “University of Puget Sound”.
• Always hover over hyperlinked text. In this case, it was tricky as it appeared to go to a pugetsound.edu website. However, hovering over the link reveals the link would go to https://www[.]cognitoforms[.]com/elizabethphanllc/maintenanceupdate or https://7a815daf[.]sibforms[.]com/.

Where Did the Link Lead?

Note: If you entered your credentials on this form, please call the Service Desk as soon as possible at 253-879-8585 (option 2) as your password is compromised.

The link led to a fake form intended to steal your credentials: https://www[.]cognitoforms[.]com/elizabethphanllc/maintenanceupdate. Never enter credentials on web forms or on sites you do not recognize.

Text of Phishing Message

From: akhanna5[@]lion[.]lmu[.]edu OR hamj[@]gvsu[.]edu
Subject: Maintenance

PUGETSOUND UNIVERSITY/Office365 service is currently undergoing scheduled maintenance on our mail servers due to high levels of queued emails.

All users are mandated to complete this update.
https://www[.]pugetsound[.]edu/technology-support/help-support [LINK REMOVED]