{"id":303,"date":"2021-03-01T14:58:34","date_gmt":"2021-03-01T22:58:34","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=303"},"modified":"2021-03-01T14:58:36","modified_gmt":"2021-03-01T22:58:36","slug":"phishing-from-3-1-2021-password-notification-for-pugetsound-at-march-1-2021","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/303","title":{"rendered":"Phishing from 3\/1\/2021: “Password Notification for Pugetsound at March 1, 2021”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

Note: If you received this email, simply delete the message. Do not click any links. <\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the \u201cCaution\u201d banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of previous phishing attempts.<\/li>
  • There are multiple occurrences where “Pugetsound” is used instead of “Puget Sound” to refer to the university. <\/li>
  • Technology Services will never ask you to click a link on an email to keep your password.<\/li>
  • The email purports to be a notice from Microsoft Office 365. However, the link in the email does not lead to a Microsoft site nor a Puget Sound site. Always hover over links to see where they lead. <\/li><\/ul>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From: berlynny[@]unm[.]edu
    Subject: Password Notification for Pugetsound at [date, time<\/em>]<\/p>\n\n\n\n

    O\u2060f\u2060f\u2060i\u2060c\u2060e \u20603\u20606\u20605\u2060
    Hello [username<\/em>],<\/p>\n\n\n\n

    Your password is set to expire today.
    Change or continue using current password.<\/p>\n\n\n\n

    Retain Current Credentials [link removed<\/em>]<\/p>\n\n\n\n

    Pugetsound Help Center<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message Note: If you received this email, simply delete the message. Do not click any links. Tips for Detection Notice the \u201cCaution\u201d banner that was applied to the top of the message. Technology Services adds the banner on emails that match patterns of previous phishing attempts. There are multiple occurrences where “Pugetsound” is […]<\/p>\n","protected":false},"author":521,"featured_media":304,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-303","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=303"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/303\/revisions"}],"predecessor-version":[{"id":305,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/303\/revisions\/305"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/304"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}