{"id":618,"date":"2022-02-07T15:14:07","date_gmt":"2022-02-07T23:14:07","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=618"},"modified":"2022-02-07T15:18:08","modified_gmt":"2022-02-07T23:18:08","slug":"phishing-from-2-7-2022-error-in-pugetsound-outlook","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/618","title":{"rendered":"Phishing from 2\/7\/2022: &#8221; Error\/in\/Pugetsound\/Outlook&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From:<\/strong> Pugetsound\/ADMIN &lt;mailmag[@]pmaj[.]or[.]jp><br><strong>Subject:<\/strong> Error\/in\/Pugetsound\/Outlook<\/p>\n\n\n\n<p>I\u200bn\u200bc\u200bo\u200bm\u200bi\u200bn\u200bg\u200b \u200bm\u200be\u200bs\u200bs\u200ba\u200bg\u200be\u200bs\u200b \u200bf\u200bo\u200br\u200b [<em>username<\/em>]@pugetsound.edu c\u200bo\u200bu\u200bl\u200bd\u200bn\u200b&#8217;\u200bt\u200b \u200bb\u200be\u200b \u200bd\u200be\u200bl\u200bi\u200bv\u200be\u200br\u200be\u200bd\u200b.<\/p>\n\n\n\n<p>A\u200bc\u200bt\u200bi\u200bo\u200bn\u200b \u200bR\u200be\u200bq\u200bu\u200bi\u200br\u200be\u200bd\u200b C\u200bo\u200bn\u200bf\u200bi\u200br\u200bm\u200ba\u200bt\u200bi\u200bo\u200bn\u200b<\/p>\n\n\n\n<p>F\u200bi\u200bx \u200be\u200bm\u200ba\u200bi\u200bl\u200b i\u200bs\u200bs\u200bu\u200be\u200bs\u200b \u200bb\u200be\u200bl\u200bo\u200bw\u200b<\/p>\n\n\n\n<p>https:\\supports[.]azurefd[.]net#[<em>username]<\/em>@pugetsound[.]edu<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>When a maroon caution banner is prepended to a message, please take extra time to examine the email address sender and any attachments\/links before taking action. <\/li><li>Notice the email address sending the message is from mailmag[@]pmaj[.]or[.]jp which should be suspicious.<\/li><li>Notice the link to &#8220;fix email issues&#8221; does not go to a pugetsound.edu site. Remember, Puget Sound email can be accessed via webmail.pugetsound.edu. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The link led to a fake Microsoft Office login page. Do not enter your credentials on sites you do not recognize.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-7-22-release-messages-phish-1024x610.png\" alt=\"\" class=\"wp-image-619\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-7-22-release-messages-phish-1024x610.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-7-22-release-messages-phish-300x179.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-7-22-release-messages-phish-768x458.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-7-22-release-messages-phish.png 1087w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Text of Phishing Message From: Pugetsound\/ADMIN &lt;mailmag[@]pmaj[.]or[.]jp>Subject: Error\/in\/Pugetsound\/Outlook I\u200bn\u200bc\u200bo\u200bm\u200bi\u200bn\u200bg\u200b \u200bm\u200be\u200bs\u200bs\u200ba\u200bg\u200be\u200bs\u200b \u200bf\u200bo\u200br\u200b [username]@pugetsound.edu c\u200bo\u200bu\u200bl\u200bd\u200bn\u200b&#8217;\u200bt\u200b \u200bb\u200be\u200b \u200bd\u200be\u200bl\u200bi\u200bv\u200be\u200br\u200be\u200bd\u200b. A\u200bc\u200bt\u200bi\u200bo\u200bn\u200b \u200bR\u200be\u200bq\u200bu\u200bi\u200br\u200be\u200bd\u200b C\u200bo\u200bn\u200bf\u200bi\u200br\u200bm\u200ba\u200bt\u200bi\u200bo\u200bn\u200b F\u200bi\u200bx \u200be\u200bm\u200ba\u200bi\u200bl\u200b i\u200bs\u200bs\u200bu\u200be\u200bs\u200b \u200bb\u200be\u200bl\u200bo\u200bw\u200b https:\\supports[.]azurefd[.]net#[username]@pugetsound[.]edu Tips for Detection When a maroon caution banner is prepended to a message, please take extra time to examine the email address sender and any attachments\/links before taking action. Notice the email [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":619,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-618","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=618"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/618\/revisions"}],"predecessor-version":[{"id":622,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/618\/revisions\/622"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/619"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}