Original Phishing Message

NOTE: If you received this message, please delete it and DO NOT click on any links. This message is NOT legitimate.

Tips for Detection

• Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.
• The email is not sent from an @pugetsound.edu address.
• The entire body of the email is a hyperlinked image (instead of text) which should be suspicious. This is a method used by attackers to bypass email spam filters.
• Hovering over the hyperlinked image reveals that the link does not take you to a pugetsound.edu site and instead goes to mecaniquepetitetfilles[.]ca/salesadmin/update.
• Technology Services will not ask you to click a link to “avoid login interruption.”

Where Did the Link Lead?

Text of Phishing Message

From: replen[@]gvsu[.]edu or ssterenberg[@]teampbs[.]com
Subject: ITS PORTAL

Your UPS account settings are out-of-date. To improve all student/faculty/staff account user experience, privacy policy update is required to avoid login interruption.

Privacy Policy Action Required Now

Visit [link removed]