{"id":1333,"date":"2025-03-21T08:10:30","date_gmt":"2025-03-21T15:10:30","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1333"},"modified":"2025-03-21T08:16:42","modified_gmt":"2025-03-21T15:16:42","slug":"phishing-from-3-21-2025-re-time-card-approval-last-reminder","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1333","title":{"rendered":"Phishing from 3\/21\/2025: “Re: TIME-CARD APPROVAL – LAST REMINDER”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

From<\/strong>: \u041a\u043e\u0440\u0447\u0430\u0433\u0438\u043d\u0430 \u042e\u043b\u0438\u044f \u0412\u0438\u043a\u0442\u043e\u0440\u043e\u0432\u043d\u0430 <korchagina_uv[@]rsmu[.]ru>
Subject<\/strong>: Re: TIME-CARD APPROVAL – LAST REMINDER<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • The email display name and email address domain are suspicious. Legitimate emails from Human Resources would come from an @pugetsound.edu email address.<\/li>
  • Notice the sense of urgency in the subject line. Many phishing emails want you to feel rushed in order to take action quickly without thinking. <\/li>
  • The link in the email does not go to a website the university uses for timekeeping. <\/li><\/ul>\n\n\n\n

    Where did the link lead?<\/p>\n\n\n\n

    The link led to a fake Microsoft Outlook login page. Always double-check the URL in your browser to confirm it is a trusted site before logging in. Never submit login credentials in online forms, even if it is a trusted site like Google Forms. <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From<\/strong>: \u041a\u043e\u0440\u0447\u0430\u0433\u0438\u043d\u0430 \u042e\u043b\u0438\u044f \u0412\u0438\u043a\u0442\u043e\u0440\u043e\u0432\u043d\u0430 <korchagina_uv[@]rsmu[.]ru>
    Subject<\/strong>: Re: TIME-CARD APPROVAL – LAST REMINDER <\/p>\n\n\n\n

    please review your time-card for the Current Pay Period.
    All employees are required to review and approve their time-card to ensure appropriate payment. Per policy, employees are responsible for reporting all errors and\/or omissions on each time-card on or before payroll week.<\/p>\n\n\n\n

    Please open your Browser to https:\/\/mailsecuritystafflogonieekim34247[.]softr[.]app\/ To Review and Approve Your Time-card.<\/p>\n\n\n\n

    If you experience a problem accessing your time-card, please use this link https:\/\/mailsecuritystafflogonieekim34247[.]softr[.]app\/<\/p>\n\n\n\n

    2025<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message From: \u041a\u043e\u0440\u0447\u0430\u0433\u0438\u043d\u0430 \u042e\u043b\u0438\u044f \u0412\u0438\u043a\u0442\u043e\u0440\u043e\u0432\u043d\u0430 <korchagina_uv[@]rsmu[.]ru>Subject: Re: TIME-CARD APPROVAL – LAST REMINDER Tips for Detection The email display name and email address domain are suspicious. Legitimate emails from Human Resources would come from an @pugetsound.edu email address. Notice the sense of urgency in the subject line. Many phishing emails want you to feel […]<\/p>\n","protected":false},"author":521,"featured_media":1334,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-1333","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1333"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1333\/revisions"}],"predecessor-version":[{"id":1338,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1333\/revisions\/1338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1334"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}