![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/03\/3-1-21-it-help-survey-1-1024x322.jpg\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Notice the “Caution” banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of previous phishing attempts. <\/li>
- The sending email address is from the cornwallhospital[.]ca domain. This is not <\/strong>a Puget Sound address. <\/li>
- The link in the email leads to ithelpsurveyinvitationportal[.]godaddysites[.]com which is not<\/strong> a Puget Sound site. <\/li>
- Technology Services does utilize a ticketing system. Any legitimate survey request or ticket update will come from an @pugetsound.edu address and links in those emails will begin with https:\/\/kbox.pugetsound.edu. <\/li><\/ul>\n\n\n\n
Where did the link lead?<\/p>\n\n\n\n
The link led to a fraudulent survey portal that asked for your username, email, and password. Note: If you entered your credentials on this page, please immediately change your password and contact the Service Desk at x8585. Your credentials are likely compromised. <\/em><\/strong><\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/03\/3-1-21-it-help-survey-link-1024x537.jpg\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: Sonya.Marleau-Bonacci[@]cornwallhospital[.]ca
Subject: E: ITHelp Survey invitation<\/p>\n\n\n\nYou have been invited to take a Satisfaction survey for a recent IT-Help ticket.
here to take your survey
To view your survey queue at any time, sign in and navigate to Self-Service > My Assessments & Surveys.<\/p>\n\n\n\nAdditional details about this Survey are:
Number #: INC1798292
Short Description: HELP-DESK ALERT.
Description:
Resolved Date: Today
Ref:MSG5211182<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message Note: If you received this message, please simply delete the message. Do not click any links and do not enter or reply with any information. Tips for Detection Notice the “Caution” banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of […]<\/p>\n","protected":false},"author":521,"featured_media":298,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=296"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/296\/revisions"}],"predecessor-version":[{"id":301,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/296\/revisions\/301"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/298"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- The link in the email leads to ithelpsurveyinvitationportal[.]godaddysites[.]com which is not<\/strong> a Puget Sound site. <\/li>