{"id":443,"date":"2021-09-13T09:10:41","date_gmt":"2021-09-13T16:10:41","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=443"},"modified":"2021-09-13T09:10:43","modified_gmt":"2021-09-13T16:10:43","slug":"phishing-from-9-12-21-please-relogin-to-usernamepugetsound-edu","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/443","title":{"rendered":"Phishing from 9\/12\/21: &#8220;Please relogin to [username]@pugetsound.edu&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"461\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/09\/9-13-21-webmail-relogin-phish-1024x461.png\" alt=\"\" class=\"wp-image-444\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/09\/9-13-21-webmail-relogin-phish-1024x461.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/09\/9-13-21-webmail-relogin-phish-300x135.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/09\/9-13-21-webmail-relogin-phish-768x346.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/09\/9-13-21-webmail-relogin-phish.png 1080w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the &#8220;Caution&#8221; banner prepended to the message. This banner is added to messages that match patterns of previous phishing attempts. <\/li><li>The link in the email leads to a phishing site webmailauth9172[.]com. Remember, webmail.pugetsound.edu is the URL to access your Puget Sound email. <\/li><li>Technology Services will not ask you to click a link in an email to &#8220;revalidate&#8221;, &#8220;relogin&#8221;, or &#8220;upgrade&#8221; your account. 
<\/li><li>General tip: do not log in with your Puget Sound credentials on websites that do not end with &#8220;pugetsound.edu&#8221; as they may be phishing sites designed to steal your information.<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>Subject: <\/strong>Please relogin to [<em>username<\/em>]@pugetsound.edu<br><strong>From: <\/strong>admin[@]amandaku[.]com, admin[@]loeliges[.]com, admin[@]cryptoincome[.]link<\/p>\n\n\n\n<p>Hello,<\/p>\n\n\n\n<p>Your email address ([<em>username<\/em>]@pugetsound.edu) is required to relogin today in order to mentain accurate server information. This is an automated process and should take only one minute, but it is mandatory within the next 24 hours.<\/p>\n\n\n\n<p>Log In To Webmail [<em>link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection Notice the &#8220;Caution&#8221; banner prepended to the message. This banner is added to messages that match patterns of previous phishing attempts. The link in the email leads to a phishing site webmailauth9172[.]com. Remember, webmail.pugetsound.edu is the URL to access your Puget Sound email. 
Technology Services will not ask you [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":444,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=443"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/443\/revisions"}],"predecessor-version":[{"id":445,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/443\/revisions\/445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/444"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}