{"id":438,"date":"2021-07-30T13:32:04","date_gmt":"2021-07-30T20:32:04","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=438"},"modified":"2021-07-30T13:33:08","modified_gmt":"2021-07-30T20:33:08","slug":"phishing-from-7-30-21-pugetsound-ongoing_paymentinv084767289-schedule-for-today-july-30-2021-122615-pm","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/438","title":{"rendered":"Phishing from 7\/30\/21: &#8220;.pugetsound\/Ongoing_PaymentINV084767289** Schedule for today July 30, 2021&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"649\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/07\/7-30-21-invoice-phish-1024x649.png\" alt=\"\" class=\"wp-image-439\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/07\/7-30-21-invoice-phish-1024x649.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/07\/7-30-21-invoice-phish-300x190.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/07\/7-30-21-invoice-phish-768x487.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/07\/7-30-21-invoice-phish.png 1032w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the &#8220;Caution&#8221; banner pre-pended to the message. Technology Services adds this banner to messages that match patterns of previous phishing emails.<\/li><li>Beware of .htm or .html attachments as they usually open a webpage designed to trick you into entering your credentials which will then be sent to the attacker. <\/li><li>Double check the sender&#8217;s email address and do not reply, open attachments, or click links if you are unsure who the sender is. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>Subject:<\/strong> .pugetsound\/Ongoing_PaymentINV084767289** Schedule for today July 30, 2021, 12:26:15 PM<br><strong>From:<\/strong> cwynkoop[@]ci[.]pinole[.]ca[.]us<\/p>\n\n\n\n<p>INCOMING_FAX*<\/p>\n\n\n\n<p>Received: &#8211; July 30, 2021, 12:18:32 PM GMT<\/p>\n\n\n\n<p>Documents transcript record data Received<\/p>\n\n\n\n<p>Sender Details:<\/p>\n\n\n\n<p>DTMF\/DID: + [<em>username removed<\/em>]<\/p>\n\n\n\n<p>Resolution: Normal<\/p>\n\n\n\n<p>Type: Attachement.<\/p>\n\n\n\n<p>Reference #: -#INV0489473646-94.EFX*<\/p>\n\n\n\n<p>(c)FAX_STATUS_CODE: SUCCESSFUL_DELIVERY.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection Notice the &#8220;Caution&#8221; banner pre-pended to the message. Technology Services adds this banner to messages that match patterns of previous phishing emails. Beware of .htm or .html attachments as they usually open a webpage designed to trick you into entering your credentials which will then be sent to the [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":439,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=438"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/438\/revisions"}],"predecessor-version":[{"id":441,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/438\/revisions\/441"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/439"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}