{"id":521,"date":"2021-11-15T15:31:50","date_gmt":"2021-11-15T23:31:50","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=521"},"modified":"2021-11-15T15:31:51","modified_gmt":"2021-11-15T23:31:51","slug":"phishing-from-11-12-2021-staff-benefit-enrollment","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/521","title":{"rendered":"Phishing from 11\/12\/2021: “Staff Benefit Enrollment”"},"content":{"rendered":"\n

Original Phishing Message<\/h2>\n\n\n\n

Note: If you received this message, please delete it, as it is NOT legitimate. Do not click on the link or submit any information.<\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/h2>\n\n\n\n
  • Note that the sender originated from outside the University. HR emails will always<\/span> come from @pugetsound.edu addresses. <\/li>
  • The link provided does not link to a Puget Sound website.<\/li>
  • The email sender (Michelle) does not match the signature (a department) <\/li><\/ul>\n\n\n\n

    Where Did the Link Lead?<\/h2>\n\n\n\n

    The link leads to goodwin[-]ma[.]cabanova[.]com and asks for your login information. Never submit passwords on forms. <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/h2>\n\n\n\n

    From: <\/strong>goodwin[.]ma[@]easthartford[.]org
    Subject: <\/strong>Staff Benefit Enrollment

    This notice is to inform you that your benefits enrollment period has begun,\u00a0 you may now enroll in your benefits for the current plan year, and effect the salary increment .
    Please click on\u00a0 Benefit-Enrollment to complete the enrollment for salary increment In the Employee Benefits box , after completing\u00a0 the required information , click\u00a0 \u201cSubmit \u201d to start electing benefits\u00a0 from your date of hire. Be sure to wait for a confirmation link from resource manager to enable you complete the process.
    Thank you,
    Admin Department.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message Note: If you received this message, please delete it, as it is NOT legitimate. Do not click on the link or submit any information. Tips for Detection Note that the sender originated from outside the University. HR emails will always come from @pugetsound.edu addresses. The link provided does not link to a […]<\/p>\n","protected":false},"author":635,"featured_media":522,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/635"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=521"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/521\/revisions"}],"predecessor-version":[{"id":524,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/521\/revisions\/524"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/522"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}