Tips for Detection

• Sending email address is not from @pugetsound.edu
• The link leads to a suspicious site that is not hosted by Puget Sound
• Technology Services will not ask you to click a link to “confirm mailbox” or threaten discontinuation of services
• Salutation states “Good Morning” when the email was sent at around 3pm

Original Phishing Message

Where Did The Link Lead?

The link led to a website that harvests credentials. If you were to enter your information, your credentials would have been sent to the attacker and your account compromised.

Text of Phishing Message

From: Joanne Brown <joanne.brown[@]wcdhb[.]health[.]nz>
Subject: RE: Helpdesk Email confirmation needed

Good Morning,

Your email removal from our mailing server has been approved.

Access to your email will be denied permanently after next logout, kindly confirm and upgrade your mailbox to avoid losing your email access.

Confirm mailbox now

Note: Access to your email will be restricted after next logout if you fail to confirm and upgrade your mailbox.

Best Regards,
IT Support Team.