{"id":112,"date":"2020-10-19T16:25:32","date_gmt":"2020-10-19T23:25:32","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=112"},"modified":"2023-02-09T12:04:46","modified_gmt":"2023-02-09T20:04:46","slug":"simulated-phishing-breakdown-2","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/simulated-phishing\/112","title":{"rendered":"NCSAM 2020: Simulated Phishing Breakdown #2 – Students"},"content":{"rendered":"

If you were redirected here after entering your credentials, please read on to learn why the email you received was phishing. Don’t worry!<\/strong> This was a simulated<\/em><\/strong> phishing attempt so your credentials are safe. However, if the situation were real, the information you entered would now be in the hands of a cybercriminal.<\/p><\/blockquote>\n

The email you received was sent by Technology Services to simulate a real phishing email as part of National Cyber Security Awareness Month. <\/em> Visit pugetsound.edu\/NCSAM2020<\/a> for more information. <\/em>The goal of simulated phishing is to provide an interactive way for campus members to learn how to quickly recognize and handle phishing emails.<\/em><\/p>\n

How could I have detected the email was phishing?<\/h2>\n
    \n
  • At Puget Sound, “IT Helpdesk” is not the normal name for our technology support.<\/li>\n
  • The sender’s email address was from @pugetsound.com<\/em><\/strong> (instead of @pugetsound.edu). Always double-check the sender’s email address and don’t solely rely on the display name.<\/li>\n
  • The email had a generic greeting (e.g. Dear User or Dear Customer).<\/li>\n
  • The content of the email contained numerous grammatical errors.<\/li>\n
  • The link in the email, pugetsoundhelpdesk.com, is not a university website and is certainly not the website to log in to your Puget Sound email account. Always hover over links to see where they lead before clicking.<\/li>\n
  • The email tries to induce fear that your email service will be removed after 24 hours. Don’t be misled by the sense of urgency!<\/li>\n
  • If you are ever unsure about an email’s legitimacy, you can always contact the Service Desk at 253-879-8585.<\/li>\n<\/ul>\n

    What if I wasn’t sure if my mailbox was full?<\/h2>\n

    You can check how much space you are currently using in your Puget Sound email by logging in to webmail.pugetsound.edu<\/strong>. Once you sign in, click the gear icon at the top right then click “Options.” You will see mailbox usage information displayed there.<\/p>\n

    Original Simulated Phishing Message<\/h2>\n

    \"\"<\/p>\n

    Where did the link lead?<\/h2>\n

    The link led to a fake sign-in page. Even though there is a university-related logo, it is very low resolution and a logo typically used by Athletics. Technology Services will not ask you to click a link in an email to increase your mailbox size.<\/p>\n

    \"\"<\/p>\n

    Text of Simulated Phishing Message<\/h2>\n

    Dear user,<\/p>\n

    Your mailbox is reached 95% capacity. When your mailbox size are at 95%, you will unable to send or receive emails. However, you have 24 hour appeal period to cancel interference to email service.<\/p>\n

    To request kindly an extension of the deadline and give a short term increase to your mailbox size, please login use the link below to avoid disruption.<\/p>\n

    CLICK HERE<\/p>\n

    If you do not take any move within 24 hours, your account will be suspended. Thank you for urgent attention to this event.<\/p>\n

    IT Department<\/p>\n","protected":false},"excerpt":{"rendered":"

    If you were redirected here after entering your credentials, please read on to learn why the email you received was phishing. Don’t worry! This was a simulated phishing attempt so your credentials are safe. However, if the situation were real, the information you entered would now be in the hands of a cybercriminal. The email […]<\/p>\n","protected":false},"author":521,"featured_media":120,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[3],"class_list":["post-112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-simulated-phishing","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"predecessor-version":[{"id":985,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/112\/revisions\/985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/120"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}