{"id":201,"date":"2020-12-08T10:58:33","date_gmt":"2020-12-08T18:58:33","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=201"},"modified":"2020-12-08T13:44:07","modified_gmt":"2020-12-08T21:44:07","slug":"phishing-from-12-8-2020-helpdesk-action-requested-pugetsound","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/201","title":{"rendered":"Phishing from 12\/8\/2020: &#8220;Helpdesk Action Requested Pugetsound&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"486\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/12\/12-8-20-o365-keep-pw-2-1024x486.png\" alt=\"\" class=\"wp-image-204\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/12\/12-8-20-o365-keep-pw-2-1024x486.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/12\/12-8-20-o365-keep-pw-2-300x143.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/12\/12-8-20-o365-keep-pw-2-768x365.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/12\/12-8-20-o365-keep-pw-2.png 1360w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The sending email address is svc-ub-dmp[@]tu-berlin.de. <\/li><li>Technology Services will not ask you to click a link in an email to keep your password. <\/li><li>The text of the email contains many extra characters between letters. This method is typically employed to avoid detection by spam filters that look for specific suspicious keywords. <\/li><li>The link goes to http:\/\/www[.]pugetsound086pugetsound[.]gslkorea[.]com which is NOT a Puget Sound site. Authentic Puget Sound sites will end in pugetsound.edu before the first slash \/. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p>Message is from Pugetsound Office 365<\/p>\n\n\n\n<p>Your password on [<em>username<\/em>]@pugetsound.edu has expired today and would be blocked anytime. You are advised to keep same password using below button to avoid loosing your data. <\/p>\n\n\n\n<p>KEEP SAME PASSWORD [<em>link removed<\/em>]<\/p>\n\n\n\n<p>Do Not Reply<br>One MicroQuick Way<br>Redmond, WA<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection The sending email address is svc-ub-dmp[@]tu-berlin.de. Technology Services will not ask you to click a link in an email to keep your password. The text of the email contains many extra characters between letters. This method is typically employed to avoid detection by spam filters that look for specific [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":204,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-201","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=201"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/201\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/201\/revisions\/205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/204"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}