{"id":1310,"date":"2024-11-13T11:42:00","date_gmt":"2024-11-13T19:42:00","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1310"},"modified":"2024-11-13T11:42:01","modified_gmt":"2024-11-13T19:42:01","slug":"phishing-from-11-13-2024-shared-inv-and-suspension-report","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1310","title":{"rendered":"Phishing from 11\/13\/2024: &#8220;Shared INV&#8221; and &#8220;Suspension-Report&#8221;"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Campus members have reported recent phishing attempts impersonating Adobe. The emails come from various senders and with different subject lines. If you receive an email matching the information below, it is NOT legitimate. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Sender Email Address<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The emails have been attempting to spoof various @pugetsound[.]edu email addresses.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Sender Display Name<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Adobe\u00a9Pugetsound<\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Subject Lines<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Text within brackets [ ] are altered in each subject line.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Suspension-Report for [<em>username<\/em>]@pugetsound.edu [<em>date<\/em>\/<em>time<\/em>]<\/li><li>Shared INVO[<em>random numbers<\/em>] for Pugetsound [<em>date\/time<\/em>]..[<em>random characters<\/em>]<\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Example Phishing Email<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-13-24-adobe-sign-phish-1024x572.png\" alt=\"\" class=\"wp-image-1311\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-13-24-adobe-sign-phish-1024x572.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-13-24-adobe-sign-phish-300x168.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-13-24-adobe-sign-phish-768x429.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-13-24-adobe-sign-phish.png 1230w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The display name &#8220;Adobe\u00a9Pugetsound&#8221; is unusual and suspicious.<\/li><li>Legitimate emails from Adobe Acrobat Sign will come from adobesign[@]adobesign[.]com. <\/li><li>Notice that the email contains an attachment instead of a link to Adobe&#8217;s website such as adobesign[.]com or documents[.]adobe.com. Beware of attachments you are not expecting, especially if it is an encrypted ZIP file since it may contain malware. <\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Campus members have reported recent phishing attempts impersonating Adobe. The emails come from various senders and with different subject lines. If you receive an email matching the information below, it is NOT legitimate. Sender Email Address The emails have been attempting to spoof various @pugetsound[.]edu email addresses. Sender Display Name Adobe\u00a9Pugetsound Subject Lines Text within [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1311,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1310"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1310\/revisions"}],"predecessor-version":[{"id":1312,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1310\/revisions\/1312"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1311"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}