![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/02\/2-8-21-owa-upgrade-phish-1024x487.png\")
<\/figure>\n\n\n\nTips For Detection<\/p>\n\n\n\n
- Notice the “Caution” banner prepended to the email. The banner is added by Technology Serivces on email messages that match patterns of previous phishing attempts. Be especially wary of replying, clicking links, or opening attachments when you see this.<\/li>
- Always check the sender’s email address. This email orginated from stefanie.sjuts[@]jade-hs[.]de which is clearly not a Puget Sound address. <\/li>
- Technology Services will not ask you to click a link to “update” your email account. <\/li><\/ul>\n\n\n\n
Where did the link lead?<\/p>\n\n\n\n
The link in the email led to a fake Outlook Web Access sign in page. Remember to always hover over links in emails to see where they lead. In this case, the link led to microsoft0[.]moonfruit[.]com. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/02\/2-8-21-owa-upgrade-link-1024x391.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: stefanie.sjuts[@]jade-hs[.]de
Subject: AW: ITS Help-Desk<\/p>\n\n\n\nTo All Employees\\Staff,<\/p>\n\n\n\n
Take note of this important update that our new web mail has been improved with a new messaging system from Owa\/outlook which also include faster usage on email, shared calendar,web-documents and the new 2021 anti-spam version.<\/p>\n\n\n\n
Kindly use the link below to complete your 2021 Outlook Webmail User authentication form.
CLICK on ( Outlook Web Access ) to update immediately.
Best Regards,
ITS Help-Desk
Office of Information Technology Services (ITS)<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message Note: If you received this message, please simply delete it. The email is not legitimate. If you clicked the link and entered your credentials on the site, please immediately contact the Service Desk at x8585 as your account may be compromised. Tips For Detection Notice the “Caution” banner prepended to the email. […]<\/p>\n","protected":false},"author":521,"featured_media":272,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=270"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/270\/revisions"}],"predecessor-version":[{"id":278,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/270\/revisions\/278"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/272"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}