{"id":1109,"date":"2023-06-01T09:12:51","date_gmt":"2023-06-01T16:12:51","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1109"},"modified":"2023-06-02T16:39:29","modified_gmt":"2023-06-02T23:39:29","slug":"phishing-from-6-1-2023-university-of-puget-sound","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1109","title":{"rendered":"Phishing from 6\/1\/2023: &#8220;UNIVERSITY OF PUGET SOUND&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong><em>NOTE: If you received this message, DO NOT click the link or enter any information as this email is NOT legitimate.<\/em><\/strong><\/p>\n\n\n\n<p><strong>From<\/strong>: info.beththomloan[@]gmail[.]com<br><strong>Subject: <\/strong>UNIVERSITY OF PUGET SOUND<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"417\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-1024x417.jpg\" alt=\"\" class=\"wp-image-1110\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-1024x417.jpg 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-300x122.jpg 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-768x312.jpg 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing.jpg 1212w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The phishing link in the email went to a Jotform page asking for your username and password. Though Jotform is a legitimate service, many attackers utilize such platforms (e.g. Google Forms, Jotforms, Survey Monkey) to collect credentials. Never enter your credentials on a web form. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"494\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-link-1024x494.jpg\" alt=\"\" class=\"wp-image-1112\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-link-1024x494.jpg 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-link-300x145.jpg 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-link-768x371.jpg 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-1-23-it-phishing-link.jpg 1239w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The sender\u2019s email address was a gmail[.]com address. Always double-check the sender\u2019s email address and don\u2019t solely rely on the display name. <\/li><li>Many phishing emails attempt to impersonate university departments, such as IT or HR. <\/li><li>Official communications from the university will generally come from an @pugetsound.edu email address.<\/li><li>The email tries to induce fear that your email will be suspended. Don\u2019t be misled by the sense of urgency!<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: info.beththomloan[@]gmail[.]com<br><strong>Subject: <\/strong>UNIVERSITY OF PUGET SOUND <\/p>\n\n\n\n<p>Hello,<br>Click here to verify your email to avoid being suspended.<\/p>\n\n\n\n<p>Thank You<br>UNIVERSITY OF PUGET SOUND<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message NOTE: If you received this message, DO NOT click the link or enter any information as this email is NOT legitimate. From: info.beththomloan[@]gmail[.]comSubject: UNIVERSITY OF PUGET SOUND Where Did the Link Lead? The phishing link in the email went to a Jotform page asking for your username and password. Though Jotform is [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1110,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-1109","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1109"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1109\/revisions"}],"predecessor-version":[{"id":1116,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1109\/revisions\/1116"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1110"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}