{"id":189,"date":"2020-11-30T09:29:40","date_gmt":"2020-11-30T17:29:40","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=189"},"modified":"2020-11-30T09:30:23","modified_gmt":"2020-11-30T17:30:23","slug":"phishing-example-from-11-26-20-you-received-a-video-conferencing-invitation","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/189","title":{"rendered":"Phishing Example from 11\/26\/20: &#8220;You received a video conferencing invitation.&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1020\" height=\"409\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/11-26-20-zoom-invite.png\" alt=\"\" class=\"wp-image-190\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/11-26-20-zoom-invite.png 1020w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/11-26-20-zoom-invite-300x120.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/11-26-20-zoom-invite-768x308.png 768w\" sizes=\"auto, (max-width: 1020px) 100vw, 1020px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Technology Services adds a \u201cCaution\u201d banner at the top of email messages that match patterns of previous phishing attacks. If you see this banner, please use extra caution. Note that the absence of the banner does NOT necessarily mean an email is safe.<\/li><li>Normally, Zoom meeting invitations are sent from the email account of the meeting host as opposed to a generic email address.<\/li><li>The email address in this phishing attempt was &#8220;spoofed&#8221; which means it was forged to appear like it originated from noreply@pugetsound.edu. The presence of the &#8220;Caution&#8221; banner should indicate that something is off. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">What does a legitimate Zoom meeting invitation look like?<\/p>\n\n\n\n<p>Below is a screenshot of an example Zoom meeting invitation that is legitimate. Remember that Zoom meeting links created within the university will begin with <strong>https:\/\/pugetsound-edu.zoom.us<\/strong>. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"667\" height=\"586\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/legitimate-zoom-invite.png\" alt=\"\" class=\"wp-image-191\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/legitimate-zoom-invite.png 667w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/11\/legitimate-zoom-invite-300x264.png 300w\" sizes=\"auto, (max-width: 667px) 100vw, 667px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p>Dear [<em>username<\/em>]@pugetsound.edu<br>You received a video conferencing invitation.<br>Review invitation. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection Technology Services adds a \u201cCaution\u201d banner at the top of email messages that match patterns of previous phishing attacks. If you see this banner, please use extra caution. Note that the absence of the banner does NOT necessarily mean an email is safe. Normally, Zoom meeting invitations are sent [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":190,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4,10],"class_list":["post-189","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank","tag-zoom"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=189"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/189\/revisions"}],"predecessor-version":[{"id":192,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/189\/revisions\/192"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/190"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}