{"id":13,"date":"2020-09-16T17:59:38","date_gmt":"2020-09-16T17:59:38","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=13"},"modified":"2020-09-23T12:46:03","modified_gmt":"2020-09-23T19:46:03","slug":"phishing-example-from-6-24-19-have-messages-delivery-failure","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/13","title":{"rendered":"Phishing Example from 6\/24\/19: &#8220;Have Messages-Delivery-Failure&#8221;"},"content":{"rendered":"<h3>Tips for Detection:<\/h3>\n<ul>\n<li>Attempting to impersonate a message from Microsoft Office 365<\/li>\n<li>Sending address is not from Microsoft, but from @bell.net<\/li>\n<li>Hovering over the &#8220;Review Message&#8221; option reveals a suspicious link<\/li>\n<li>Manipulating somebody into thinking they may be missing important emails<\/li>\n<li>Obvious grammatical and spelling errors<\/li>\n<\/ul>\n<h3>Original Phishing Message:<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-20 size-full\" src=\"http:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/6-24-19-o365-inbox-phish.jpg\" alt=\"\" width=\"995\" height=\"545\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/6-24-19-o365-inbox-phish.jpg 995w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/6-24-19-o365-inbox-phish-300x164.jpg 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/6-24-19-o365-inbox-phish-768x421.jpg 768w\" sizes=\"auto, (max-width: 995px) 100vw, 995px\" \/><\/p>\n<h3>Text of Phishing Message:<\/h3>\n<p>Dear: [username]@ups.edu<\/p>\n<p>Office 365 has prevented the delivery of 7 new emails to your inbox. As of Monday, June 24, 2019 7:44:32 AM because message failed in sync into mailbox. You can review thes here and choose what happens to them.<\/p>\n<p>Review Message<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tips for Detection: Attempting to impersonate a message from Microsoft Office 365 Sending address is not from Microsoft, but from @bell.net Hovering over the &#8220;Review Message&#8221; option reveals a suspicious link Manipulating somebody into thinking they may be missing important emails Obvious grammatical and spelling errors Original Phishing Message: Text of Phishing Message: Dear: [username]@ups.edu [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":20,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-13","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/13","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=13"}],"version-history":[{"count":3,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/13\/revisions"}],"predecessor-version":[{"id":74,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/13\/revisions\/74"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/20"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}