{"id":1200,"date":"2024-02-21T08:50:47","date_gmt":"2024-02-21T16:50:47","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1200"},"modified":"2024-02-21T08:50:48","modified_gmt":"2024-02-21T16:50:48","slug":"phishing-from-2-21-2024-re-it-service-report","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1200","title":{"rendered":"Phishing from 2\/21\/2024: &#8220;Re: *** IT Service Report ***&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: jmaster[@]misd[.]net<br><strong>Subject:<\/strong> Re: *** IT Service Report ***<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"669\" height=\"443\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-service-report-phish.jpg\" alt=\"\" class=\"wp-image-1201\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-service-report-phish.jpg 669w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-service-report-phish-300x199.jpg 300w\" sizes=\"auto, (max-width: 669px) 100vw, 669px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The link <em>foreversentiments[.]com\/as<\/em> led to a fake Outlook Web App login page. Always hover over links to see where they lead. Do not enter your credentials on websites you do not recognize or on online forms.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"962\" height=\"477\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-report-phish-link.jpg\" alt=\"\" class=\"wp-image-1198\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-report-phish-link.jpg 962w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-report-phish-link-300x149.jpg 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/02\/2-21-24-it-report-phish-link-768x381.jpg 768w\" sizes=\"auto, (max-width: 962px) 100vw, 962px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the sender&#8217;s email is not @pugetsound.edu and the odd subject line.<\/li><li>Technology Services will not ask you to migrate email out of the blue.<\/li><li>Be aware of what tools the university provides. If phishing messages mention tools no longer provided or supported, that should be a red flag. <\/li><li>Notice the false sense of urgency (e.g. &#8220;You might lose your account&#8221;)<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: jmaster[@]misd[.]net<br><strong>Subject:<\/strong> Re: *** IT Service Report ***<\/p>\n\n\n\n<p>To All,<\/p>\n\n\n\n<p>We are migrating all email accounts into the latest Microsoft Outlook 2024 and as such all active Account holders are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency.<\/p>\n\n\n\n<p>Click on Microsoft Outlook Portal for migration.<\/p>\n\n\n\n<p>Note: You might lose your account if you fail to Migrate to the latest Outlook web App webmail.<\/p>\n\n\n\n<p>Best Regards,<br>Master Julie<br>ITS Help-desk<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message From: jmaster[@]misd[.]netSubject: Re: *** IT Service Report *** Where Did the Link Lead? The link foreversentiments[.]com\/as led to a fake Outlook Web App login page. Always hover over links to see where they lead. Do not enter your credentials on websites you do not recognize or on online forms. Tips for Detection [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1201,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1200","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1200"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1200\/revisions"}],"predecessor-version":[{"id":1202,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1200\/revisions\/1202"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1201"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}