Subject: <\/strong>Re: IT Microsoft Outlook Update
Subject<\/strong>: Re: Mailbox Migration<\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-13-24-outlook-phish.jpg\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- The university uses Google Mail which does not require using Outlook. This should raise suspicion. <\/li>
- Notice the sender’s email is from the misd[.]net domain. Emails from Technology Services will generally come from a pugetsound.edu email. <\/li>
- Hovering over the link reveals that it goes to bestrollingstoneconcert[.]com\/sr\/ which is not a pugetsound.edu site.<\/li>
- Notice the false sense of urgency in the email with wording such as “take effect now” and “lose your account”.<\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/p>\n\n\n\n
The link led to a fake Outlook Web App login page. Never enter your credentials on sites you do not recognize. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-13-24-outlook-phish-link-1024x522.jpg\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From:<\/strong> llindsay[@]misd[.]net
Subject: <\/strong>Re: IT Microsoft Outlook Update
Subject<\/strong>: Re: Mailbox Migration <\/p>\n\n\n\nTo All,<\/p>\n\n\n\n
We are migrating all email accounts into the latest Microsoft Outlook 2024 and as such all active Account holders are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency.<\/p>\n\n\n\n
Click Microsoft Outlook Portal for migration.<\/p>\n\n\n\n
Note: You might lose your account if you fail to Migrate to the latest Outlook web App webmail.<\/p>\n\n\n\n
Best Regards,
Lindsay Lynda
ITS Help-desk<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message From: llindsay[@]misd[.]netSubject: Re: IT Microsoft Outlook UpdateSubject: Re: Mailbox Migration Tips for Detection The university uses Google Mail which does not require using Outlook. This should raise suspicion. Notice the sender’s email is from the misd[.]net domain. Emails from Technology Services will generally come from a pugetsound.edu email. Hovering over the link […]<\/p>\n","protected":false},"author":521,"featured_media":1191,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1190","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1190"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1190\/revisions"}],"predecessor-version":[{"id":1194,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1190\/revisions\/1194"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1191"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}