{"id":526,"date":"2021-11-16T11:35:37","date_gmt":"2021-11-16T19:35:37","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=526"},"modified":"2021-11-16T11:35:39","modified_gmt":"2021-11-16T19:35:39","slug":"phishing-from-11-16-2021-re-employee-covid-19-program","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/526","title":{"rendered":"Phishing from 11\/16\/2021: &#8220;Re: Employee COVID-19 Program&#8221;"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Original Phishing Message<\/h2>\n\n\n\n<p><em><strong>Note: If you received this email, please delete the message, as it is NOT legitimate. <\/strong><\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"406\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1024x406.png\" alt=\"\" class=\"wp-image-527\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1024x406.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-300x119.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-768x304.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image.png 1058w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Tips for Detection<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Note the maroon caution banner attached at the top of the message.<\/li><li>Benefits-related emails will come from Puget Sound&#8217;s HR department, which will be from an @pugetsound.edu email address.<\/li><li>Note the sender is from outside the university.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Where Did the Link Lead?<\/h2>\n\n\n\n<p>The link leads to sitebuilder148732[.]dynadot[.]com, which asks for your login information. <span style=\"text-decoration: underline;\">Never<\/span> submit passwords on forms. <span style=\"text-decoration: underline;\"><\/span><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"966\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1-1024x966.png\" alt=\"\" class=\"wp-image-528\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1-1024x966.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1-300x283.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1-768x724.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/11\/image-1.png 1034w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Text of Phishing Message<\/h2>\n\n\n\n<p><strong>From<\/strong>: KMiller[@]ctcd[.]edu<br><strong>Subject: <\/strong>Re: Employee COVID-19 Program<br><br><\/p>\n\n\n\n<p>The Employee Assistance Program (E.A.P)&nbsp;will be supporting all employees with cash assistance as part of a benefit plan to help employees get through the hard times due to the&nbsp;COVID-19&nbsp;pandemic.<\/p>\n\n\n\n<p>The&nbsp;Employee Assistance Program&nbsp;will&nbsp;provide $3,700 in assistance to all qualified employees after applications are reviewed, processed, and approved, starting from today,Tuesday, November 16, 2021<\/p>\n\n\n\n<p>Visit the COVID-19 Support page and follow all instructions carefully, and enter the most appropriate details to apply.<\/p>\n\n\n\n<p>Note: the support program is only available to qualifying&nbsp;employees.&nbsp;All the information requested is required for your application to be processed.<\/p>\n\n\n\n<p>Sincerely,<\/p>\n\n\n\n<p><strong>Kipley Miller<\/strong><br><em>COVID-19\u00a0Support Team.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Note: If you received this email, please delete the message, as it is NOT legitimate. Tips for Detection Note the maroon caution banner attached at the top of the message. Benefits-related emails will come from Puget Sound&#8217;s HR department, which will be from an @pugetsound.edu email address. Note the sender is from [&hellip;]<\/p>\n","protected":false},"author":635,"featured_media":527,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/635"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=526"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/526\/revisions"}],"predecessor-version":[{"id":529,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/526\/revisions\/529"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/527"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}