{"id":517,"date":"2021-11-15T15:24:05","date_gmt":"2021-11-15T23:24:05","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=517"},"modified":"2021-11-15T15:24:07","modified_gmt":"2021-11-15T23:24:07","slug":"phishing-from-11-12-2021-benefit-enrollment","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/517","title":{"rendered":"Phishing from 11\/12\/2021: &#8220;Benefit Enrollment&#8221;"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Original Phishing Message<\/h2>\n\n\n\n<p><em><strong>Note: If you received this message, please delete it, as it is NOT legitimate. Do not click on the link or submit any information. <\/strong><\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"999\" height=\"312\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish.png\" alt=\"\" class=\"wp-image-518\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish.png 999w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-300x94.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-768x240.png 768w\" sizes=\"auto, (max-width: 999px) 100vw, 999px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Tips for Detection<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Legitimate emails regarding payroll and\/or benefits will come from Human Resources, from a @pugetsound.edu email address. You can always visit the HR website regarding information on payroll dates or benefits at: <a href=\"https:\/\/www.pugetsound.edu\/human-resources\">https:\/\/www.pugetsound.edu\/human-resources<\/a><\/li><li>Notice the &#8220;Caution&#8221; banner at the top of the email, warning you that this email was not sent from the University.<\/li><li>This email contains numerous typos, grammatical errors, and incorrect word choice. <\/li><li>The sender is an individual but signed off as a department.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Where Did the Link Lead?<\/h2>\n\n\n\n<p>The link goes to staffbenefitx[.]creatorlink[.]net, which then asks for your login information. Never submit passwords on forms. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"495\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-link-1024x495.png\" alt=\"\" class=\"wp-image-519\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-link-1024x495.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-link-300x145.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-link-768x371.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/11-12-21-benefits-phish-link.png 1243w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Text of Phishing Message<\/h2>\n\n\n\n<p><strong>From: <\/strong>goodwin[.]ma[@]easthartford[.]org <br><strong>Subject: <\/strong>Benefit Enrollment<br><br>This notice is to inform you that your benefits enrollment period has begun,\u00a0 you may now enroll in your benefits for the current plan year, and effect the salary increment .<br>Please click on\u00a0 Benefit-Enrollment to complete the enrollment for salary increment In the Employee Benefits box , after completing\u00a0 the required information , click\u00a0 \u201cComplete \u201d to start electing benefits\u00a0 from your date of hire.Thank you,<br>Personnel Dept.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Note: If you received this message, please delete it, as it is NOT legitimate. Do not click on the link or submit any information. Tips for Detection Legitimate emails regarding payroll and\/or benefits will come from Human Resources, from a @pugetsound.edu email address. You can always visit the HR website regarding information [&hellip;]<\/p>\n","protected":false},"author":635,"featured_media":518,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/635"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=517"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/517\/revisions"}],"predecessor-version":[{"id":520,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/517\/revisions\/520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/518"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}