{"id":397,"date":"2021-05-27T08:46:56","date_gmt":"2021-05-27T15:46:56","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=397"},"modified":"2021-05-27T08:46:58","modified_gmt":"2021-05-27T15:46:58","slug":"phishing-from-5-26-21-melissa-barna-shared-docx-with-you","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/397","title":{"rendered":"Phishing from 5\/26\/21: “MELISSA BARNA shared “docx” with you.”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

Note: If you received this message, please simply delete it as it is <\/em>not legitimate. Do not click on links or enter your credentials.<\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the “Caution” banner prepended to the message. This indicates that the email matches patterns of previous phishing attempts. Always use extra caution if you see this banner. <\/li>
  • Beware of cloud file sharing links that you are not expecting especially if the file name has an extremely generic title like “docx”.<\/li>
  • Notice the discrepancy between the text in the body of the message claiming that \u201cIsiaah Crawford Shared a file\u201d versus the actual sender being \u201cMelissa Barna\u201d<\/li><\/ul>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From: <\/strong>MBARNA[@]ebnet[.]org
    Subject: <\/strong>MELISSA BARNA shared “docx” with you.<\/p>\n\n\n\n

    MELISSA BARNA shared a file with you<\/p>\n\n\n\n

    FWD:Isiaah Crawford Shared a file with One Drive<\/p>\n\n\n\n

    docx [link removed<\/em>]<\/p>\n\n\n\n

    This link only works for the direct recipients of this message.<\/p>\n\n\n\n

    Open [link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message Note: If you received this message, please simply delete it as it is not legitimate. Do not click on links or enter your credentials. Tips for Detection Notice the “Caution” banner prepended to the message. This indicates that the email matches patterns of previous phishing attempts. Always use extra caution if you […]<\/p>\n","protected":false},"author":521,"featured_media":398,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=397"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/397\/revisions"}],"predecessor-version":[{"id":399,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/397\/revisions\/399"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/398"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}