{"id":1222,"date":"2024-05-23T09:48:56","date_gmt":"2024-05-23T16:48:56","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1222"},"modified":"2024-05-23T09:48:58","modified_gmt":"2024-05-23T16:48:58","slug":"phishing-from-5-22-2024-email-password","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1222","title":{"rendered":"Phishing from 5\/22\/2024: &#8220;Email Password&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Email<\/p>\n\n\n\n<p><strong>From<\/strong>: skaelin[@]ccsdli[.]org<br><strong>Subject: <\/strong>Email Password<br><strong>Subject: <\/strong>Email Administrator<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"450\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing.jpg\" alt=\"\" class=\"wp-image-1223\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing.jpg 662w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-300x204.jpg 300w\" sizes=\"auto, (max-width: 662px) 100vw, 662px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The link led to a fake Outlook Web App login page. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-link-1024x556.jpg\" alt=\"\" class=\"wp-image-1224\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-link-1024x556.jpg 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-link-300x163.jpg 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-link-768x417.jpg 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/05\/5-23-24-email-password-phishing-link.jpg 1431w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the false sense of urgency (e.g. 24 hours).<\/li><li>Technology Services will not ask you to click a link to &#8220;validate&#8221; your account.<\/li><li>Notice the link goes to receita-medicinali-indigena[.]shop\/ns\/ which is not a Puget Sound website. Always hover over links and never enter your credentials on sites you do not recognize. <\/li><li>Notice the sender is skaelin[@]ccsdli[.]org. Emails from Technology Services will come from an @pugetsound.edu email address. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Messages<\/p>\n\n\n\n<p><strong>From<\/strong>: skaelin[@]ccsdli[.]org <br><strong>Subject: <\/strong>Email Password<\/p>\n\n\n\n<p>Your Email password will expire in the 24 hours, Log on to IT STAFF PORTAL\u200b to validate Your E-mail.<\/p>\n\n\n\n<p>Thank You.<\/p>\n\n\n\n<p>Web-mail Administrator.<\/p>\n\n\n\n<p> <br><strong>From<\/strong>: skaelin[@]ccsdli[.]org  <br><strong>Subject: <\/strong>Email Administrator <\/p>\n\n\n\n<p>Dear Valued User,<\/p>\n\n\n\n<p>We wanted to let you know that we got your request to terminate your Outlook Webmail because of a dual college\/university account. This process has begun by our administrator. You should re-verify your account if you did not authorize this action and have no knowledge of it. Please give us 24 hours to terminate your account if you initiated the request. Failure to re-verify will result in the closure of your account and you will lose all your files on these accounts.<\/p>\n\n\n\n<p>Kindly visit IT STAFF PORTAL to re-verify and cancel the request<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Email From: skaelin[@]ccsdli[.]orgSubject: Email PasswordSubject: Email Administrator Where Did the Link Lead? The link led to a fake Outlook Web App login page. Tips for Detection Notice the false sense of urgency (e.g. 24 hours). Technology Services will not ask you to click a link to &#8220;validate&#8221; your account. Notice the link goes [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1223,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1222"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1222\/revisions"}],"predecessor-version":[{"id":1225,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1222\/revisions\/1225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1223"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}