Subject<\/strong>: #06272023 – 66<\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-27-23-canva-fax-phishing.jpg\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- If you are not expecting an email or attachment from an individual, use extra caution. <\/li>
- Notice the discrepancy between the file extension .xlsx while claiming to be a fax. An emailed fax would likely be an image file or a PDF, not an Excel document. <\/li>
- Always hover over links to see where they lead.<\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/p>\n\n\n\n
The link goes to a popular design website, canva[.]com with a hyperlinked image created by the malicious actor. Attackers frequently use known services such as Google Drive, One Drive, Canva, etc as the initial hyperlink in an email to lend credibility to the phishing message.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-27-23-canva-fax-phishing-link-1-1024x633.jpg\")
<\/figure>\n\n\n\nThe link then goes to a suspicious website, https:\/\/lblawyer-1318439371[.]cos[.]ap-bangkok[.]myqcloud[.]com\/lblawyer[.]html, hosting a fake Microsoft login page. Never enter your credentials on sites you do not recognize and double-check the URL to confirm it is a trusted site before logging in. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/06\/6-27-23-canva-fax-phishing-link-2-1-1024x536.jpg\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From<\/strong>: ewilson[@]comfortkeepers[.]com
Subject<\/strong>: #06272023 – 66 <\/p>\n\n\n\nYou have received an inbound secure fax from Comfort Keepers.<\/p>\n\n\n\n
Print or View<\/p>\n\n\n\n
Reference: Microsoft06272023.xlsx<\/p>\n\n\n\n
Received & processed: Tuesday, 27 June 2023<\/p>\n\n\n\n
Pages: 2<\/p>\n\n\n\n
Resolution: 300dpi x 300dpi<\/p>\n","protected":false},"excerpt":{"rendered":"
Original Phishing Message From: ewilson[@]comfortkeepers[.]comSubject: #06272023 – 66 Tips for Detection If you are not expecting an email or attachment from an individual, use extra caution. Notice the discrepancy between the file extension .xlsx while claiming to be a fax. An emailed fax would likely be an image file or a PDF, not an Excel […]<\/p>\n","protected":false},"author":521,"featured_media":1125,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1124"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1124\/revisions"}],"predecessor-version":[{"id":1130,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1124\/revisions\/1130"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1125"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}