{"id":1257,"date":"2024-08-26T08:25:09","date_gmt":"2024-08-26T15:25:09","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1257"},"modified":"2024-08-26T08:35:09","modified_gmt":"2024-08-26T15:35:09","slug":"phishing-from-8-26-24-syncing-error-password-expiry","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1257","title":{"rendered":"Phishing from 8\/26\/24: “Syncing Error Password Expiry”"},"content":{"rendered":"\n

Original Message<\/p>\n\n\n\n

From<\/strong>: ADMIN-CPANEL@vnwzsi.org
Subject:<\/strong> Syncing Error Password Expiry
Subject<\/strong>: Password Expiry Notification [username<\/em>]@pugetsound.edu<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • The email was sent from ADMIN-CPANEL[@]vnwzsi[.]org. This is not an @pugetsound.edu email address.<\/li>
  • TS will never ask you to click a link to keep the same password. <\/li>
  • Notice the false sense of urgency and grammatical errors (e.g. “will be expires today”)<\/li><\/ul>\n\n\n\n

    Where did the link lead?<\/p>\n\n\n\n

    The link led to a fake Webmail login page. Never enter your credentials on sites you do not recognize. <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From<\/strong>: ADMIN-CPANEL@vnwzsi.org
    Subject:<\/strong> Syncing Error Password Expiry
    Subject<\/strong>: Password Expiry Notification [username<\/em>]@pugetsound.edu <\/p>\n\n\n\n

    webmail
    pugetsound.edu,
    Your account [username<\/em>]@pugetsound.edu password will be expires today 8\/26\/2024 11:42:14 p.m.<\/p>\n\n\n\n

    Please kindly use the button below to continue with the same password.<\/p>\n\n\n\n

    Keep Same Password<\/p>\n\n\n\n

    Automated Message 8\/26\/2024 11:42:14 p.m.
    pugetsound.edu<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Message From: ADMIN-CPANEL@vnwzsi.orgSubject: Syncing Error Password ExpirySubject: Password Expiry Notification [username]@pugetsound.edu Tips for Detection The email was sent from ADMIN-CPANEL[@]vnwzsi[.]org. This is not an @pugetsound.edu email address. TS will never ask you to click a link to keep the same password. Notice the false sense of urgency and grammatical errors (e.g. “will be expires […]<\/p>\n","protected":false},"author":521,"featured_media":1258,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-1257","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1257"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1257\/revisions"}],"predecessor-version":[{"id":1262,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1257\/revisions\/1262"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1258"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}