{"id":43,"date":"2020-09-16T18:49:26","date_gmt":"2020-09-16T18:49:26","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=43"},"modified":"2020-09-23T12:48:55","modified_gmt":"2020-09-23T19:48:55","slug":"phishing-example-from-3-16-20-pugetsound-edu-23-evoice-call-pending","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/43","title":{"rendered":"Phishing Example from 3\/16\/20: &#8220;Pugetsound.edu &#8211; 23 eVoice call pending&#8221;"},"content":{"rendered":"<h3>Tips for Detection:<\/h3>\n<ul>\n<li>Our voicemail to email system does not utilize Office 365<\/li>\n<li>The attachment is a .htm file which is the file format for a webpage,\u00a0<strong>not<\/strong> the file format for an audio file (e.g. .wav, .m4a, .mp3)<\/li>\n<li>The email signature impersonates Microsoft but the sending address is @gmx.de<\/li>\n<\/ul>\n<h3>Original Phishing Message:<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-16\" src=\"http:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/3-16-20-vm-phish.jpg\" alt=\"\" width=\"639\" height=\"599\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/3-16-20-vm-phish.jpg 639w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/3-16-20-vm-phish-300x281.jpg 300w\" sizes=\"auto, (max-width: 639px) 100vw, 639px\" \/><\/p>\n<h3>Text of Phishing Message:<\/h3>\n<p>Message from Trusted server.<\/p>\n<p>Office 365<\/p>\n<p>You have receieved a new voice mail from &#8220;Nannie Fadel&#8221;:Incoming Calls &#8211; [number removed]<\/p>\n<p>From: [number removed]<br \/>\nTo: [username]@pugetsound.edu<br \/>\nReceived: 03\/16\/20202020 , 16th March 2020 16:27:23.<br \/>\nDuration:&#8221;00:00:23&#8243;<br \/>\nFile:&#8221;VYLLVLDWWRT27X23&#8243;<\/p>\n<p>Play Audio.wav in Attachment Above<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tips for Detection: Our voicemail to email system does not utilize Office 365 The attachment is a .htm file which is the file format for a webpage,\u00a0not the file format for an audio file (e.g. .wav, .m4a, .mp3) The email signature impersonates Microsoft but the sending address is @gmx.de Original Phishing Message: Text of Phishing [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":16,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-43","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/43","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=43"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/43\/revisions"}],"predecessor-version":[{"id":44,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/43\/revisions\/44"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/16"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=43"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=43"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=43"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}