![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/02\/2-24-21-IT-phish-email-data-1024x409.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Notice the “Caution” banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of previous phishing attempts. <\/li>
- The sending email address is from the cornwallhospital[.]ca domain. This is not a Puget Sound address. <\/li>
- Technology Services will not ask you to click a link to protect your email or to upgrade your email. <\/li>
- The display name “Barretto, Dawn” versus the name in the email signature “Josselin Issabelle” do not match. Further, neither individuals work at the university. <\/li><\/ul>\n\n\n\n
Where did the link lead?<\/p>\n\n\n\n
The link led to a fraudulent Outlook sign in page. Note: If you entered your credentials on this page, please immediately change your password and contact the Service Desk at x8585. Your credentials are likely compromised. <\/em><\/strong><\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/02\/2-24-21-IT-phish-1-1024x397.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: Dawn.Barretto[@]cornwallhospital[.]ca
Subject: IT Services Department<\/p>\n\n\n\nAll our Outlook Users are at risk today.<\/p>\n\n\n\n
You were contacted by the IT Services Department In an approach to Protect our Email Data, which you ignored. We received a severe unsolicited message sent in bulk to all our outlook Users. Please secured your email NOW with our new anti-Spam Mailinblack, for your mail to be delivered, please Protect your email now by visiting our anti-Spam Mailinblack Portal at https:\/\/app[.]getresponse[.]com\/site2\/dawnbarretto\/?u=QvzCa&webforms_id=zZIsP and install the anti-Spam Mailinblack Software.<\/p>\n\n\n\n
Regards,
Josselin issabelle
IT Service Desk Support
IT-Support Analyst
Information Technology Services DEPT.<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message Note: If you received this message, please simply delete the message. Do not click any links and do not enter or reply with any information. Tips for Detection Notice the “Caution” banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of […]<\/p>\n","protected":false},"author":521,"featured_media":289,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=288"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/288\/revisions"}],"predecessor-version":[{"id":294,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/288\/revisions\/294"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/289"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}