{"id":545,"date":"2022-01-05T08:22:06","date_gmt":"2022-01-05T16:22:06","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=545"},"modified":"2022-01-05T08:44:40","modified_gmt":"2022-01-05T16:44:40","slug":"phishing-from-1-5-2022-fax-documents-for-usernamepugetsound-edu","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/545","title":{"rendered":"Phishing from 1\/5\/2022: “Fax Documents for [username]@pugetsound.edu”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

Note: If you received this, please simply delete it and do not click on any links. <\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the maroon caution banner applied to the message. This indicates the message matches patterns of other phishing attempts. <\/li>
  • The university does not currently utilize a fax to email service. If you receive a message indicating you received a fax, it is most likely not legitimate. <\/li>
  • Always double-check the sender’s email address. If you do not recognize the sender and are not expecting a message, use extra caution. <\/li>
  • The timestamp mismatch between email delivery (5:23am) versus the time mentioned in the body of the message (8:10am) should be suspicious. <\/li><\/ul>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From: <\/strong>dave[@]unq3319582d9386492d80beb90b95780[.]s02[.]dyn365mktg[.]com
    Subject: <\/strong>Fax Documents for [username<\/em>]@pugetsound.edu<\/p>\n\n\n\n

    This Message was sent to [username<\/em>]@pugetsound.edu.
    Delivered at 08:10 AM, wed January 5th.
    Size 20.43kb<\/p>\n\n\n\n

    Retrieve Fax Message [link removed<\/em>]<\/p>\n\n\n\n

    If you are not the intended recipient Please do not view.<\/p>\n\n\n\n

    \u00a9 2022 Microsoft Dynamics. All rights reserved.
    Unsubscribe<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message Note: If you received this, please simply delete it and do not click on any links. Tips for Detection Notice the maroon caution banner applied to the message. This indicates the message matches patterns of other phishing attempts. The university does not currently utilize a fax to email service. If you receive […]<\/p>\n","protected":false},"author":521,"featured_media":546,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=545"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/545\/revisions"}],"predecessor-version":[{"id":549,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/545\/revisions\/549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/546"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}