{"id":1315,"date":"2024-11-22T11:06:13","date_gmt":"2024-11-22T19:06:13","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1315"},"modified":"2024-11-22T11:06:15","modified_gmt":"2024-11-22T19:06:15","slug":"phishing-from-11-22-2024-impersonating-myemma-various-subject-lines","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1315","title":{"rendered":"Phishing from 11\/22\/2024 Impersonating MyEmma: Various Subject Lines"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Senders and Subject Lines<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Sender Email Addresses<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>info[@]academypsy[.]it<\/li><li>info[@]buchenwald[.]de<\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size\">Subject Lines<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Immediate Attention Needed: Campaign Suspension (Case #339098-49973)<\/li><li>Immediate Attention Needed: Campaign Suspension (Case #48384-49973)<\/li><li>ref: #9484788-478847 Account Suspended<\/li><li>Suspension of Your Email Campaign (Case #57845768-48947322)<\/li><li>Urgent: Suspension of Your Email Campaign (Case #57845768-48947322)<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Original Phishing Message Example<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"720\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-1024x720.png\" alt=\"\" class=\"wp-image-1316\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-1024x720.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-300x211.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-768x540.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish.png 1188w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Where did the link lead?<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"519\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-1024x519.png\" alt=\"\" class=\"wp-image-1317\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-1024x519.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-300x152.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-768x389.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-1536x778.png 1536w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link-1440x730.png 1440w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2024\/11\/11-22-24-myemma-phish-link.png 1660w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the false sense of urgency in the email. Many phishing emails threaten account suspension or similar.<\/li><li>The emails are coming from suspicious domains. Legitimate emails from Emma will likely come from an @myemma[.]com domain. <\/li><li>Always hover over links in emails. The link in this email does not go to myemma[.]com but instead goes to a fake phishing site, myemma-updates[.]com, which is designed to look very similar to the real login page. Before entering credentials on websites, double check the URL in your browser to make sure it is a known website. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Original Phishing Message<\/p>\n\n\n\n<p>Hello Client,<\/p>\n\n\n\n<p>I trust this note finds you in good health! We&#8217;re here to assist you in restarting your email campaign and make sure your account is up-to-date.<\/p>\n\n\n\n<p>To keep enjoying our services and to efficiently engage with your subscribers, we kindly ask you to update your account details.<\/p>\n\n\n\n<p>Here&#8217;s what you need to do:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Login: Click the provided link to log into your account.<\/li><li>Update Information: Head over to the &#8216;Account Settings&#8217; area to check and modify your information.<\/li><li>Validate Changes: After updating the required details, please validate and save these changes.<\/li><\/ol>\n\n\n\n<p>Update your account<\/p>\n\n\n\n<p>Once your account is refreshed, you&#8217;ll be ready to launch your email campaigns without any downtime.<\/p>\n\n\n\n<p>Thank you for taking this quick action. We&#8217;re eager to see your email campaigns up and running again soon!<\/p>\n\n\n\n<p>Warm wishes,<\/p>\n\n\n\n<p>Emma Team<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Senders and Subject Lines Sender Email Addresses info[@]academypsy[.]it info[@]buchenwald[.]de Subject Lines Immediate Attention Needed: Campaign Suspension (Case #339098-49973) Immediate Attention Needed: Campaign Suspension (Case #48384-49973) ref: #9484788-478847 Account Suspended Suspension of Your Email Campaign (Case #57845768-48947322) Urgent: Suspension of Your Email Campaign (Case #57845768-48947322) Original Phishing Message Example Where did the link lead? Tips for [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":1316,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-1315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1315"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1315\/revisions"}],"predecessor-version":[{"id":1318,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1315\/revisions\/1318"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1316"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}