![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/12\/12-17-21-contracts-phish-1024x461.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Note the caution banner prepended to the message. Emails that match patterns of other phishing attempts will have this maroon banner.<\/li>
- Always hover over links before clicking them to determine if they lead to trusted sites. <\/li>
- Use caution when replying, clicking links, or opening attachments when receiving unexpected emails. If you know the individual but the email feels off, reach out to them via an alternate means of contact. <\/li><\/ul>\n\n\n\n
Where did the Link Lead?<\/p>\n\n\n\n
The link led to a phishing site l5z55k[.]axshare[.]com designed to appear like a document sharing page. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/12\/12-17-21-contracts-phish-pdf-1024x491.png\")
<\/figure>\n\n\n\nWhen attempting to view the PDF, it would prompt you for credentials impersonating the Microsoft login page. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/12\/12-17-21-contracts-phish-login-prompt-1024x528.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: michael[@]osstherapy[.]com
Subject: CONTRACTS SETTLEMENTS PLANS<\/p>\n\n\n\nHello,<\/p>\n\n\n\n
Good morning. I hope you are well?<\/p>\n\n\n\n
Please review below and kindly get back to me.<\/p>\n\n\n\n
CONTRACTS SETTLEMENTS PLANS.PDF [link removed<\/em>]<\/p>\n\n\n\n
Thanks<\/p>\n\n\n\n
Michael<\/p>\n","protected":false},"excerpt":{"rendered":"
Original Phishing Message NOTE: If you received this message, please delete it as it is NOT legitimate and do not click the link. If you entered credentials on the linked webpage, please contact the Service Desk immediately as your credentials are likely compromised. Tips for Detection Note the caution banner prepended to the message. Emails […]<\/p>\n","protected":false},"author":521,"featured_media":538,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-537","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=537"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/537\/revisions"}],"predecessor-version":[{"id":543,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/537\/revisions\/543"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/538"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}