{"id":409,"date":"2021-06-04T09:47:47","date_gmt":"2021-06-04T16:47:47","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=409"},"modified":"2021-06-04T09:47:48","modified_gmt":"2021-06-04T16:47:48","slug":"phishing-from-6-4-21-albright-cheryl-shared-docx-copy-with-you","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/409","title":{"rendered":"Phishing from 6\/4\/21: “Albright Cheryl shared “Docx copy” with you.”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Where Did The Link Lead?<\/p>\n\n\n\n

The link in the phishing email leads to a benign document hosted on Microsoft Sharepoint. Generally, if you see any documents that look like the image below where it asks to “Click Here to view”, it is probably part of a phishing attempt. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Clicking on the “Here” links to a Microsoft Form asking for your email\/password combination. Never submit passwords in forms or enter your username\/password on sites you do not recognize. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Text of Phishing Message<\/p>\n\n\n\n

Subject: <\/strong>Albright Cheryl shared “Docx copy” with you.<\/p>\n\n\n\n

Albright Cheryl shared a file with you<\/p>\n\n\n\n

FWD: Sabah Randhawa Has shared a File with One Drive<\/p>\n\n\n\n

Docx copy [link removed<\/em>]<\/p>\n\n\n\n

This link will work for anyone.<\/p>\n\n\n\n

Open [link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"

Original Phishing Message Where Did The Link Lead? The link in the phishing email leads to a benign document hosted on Microsoft Sharepoint. Generally, if you see any documents that look like the image below where it asks to “Click Here to view”, it is probably part of a phishing attempt. Clicking on the “Here” […]<\/p>\n","protected":false},"author":521,"featured_media":410,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=409"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/409\/revisions"}],"predecessor-version":[{"id":413,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/409\/revisions\/413"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/410"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}