![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-10-22-payroll-phish.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Emails containing threats to withhold payment or terminate your account and asking you to click a link to verify your email are generally not legitimate. A sense of urgency is common in phishing emails.<\/li>
- Notice the maroon “Caution” banner prepended to the message. Messages with this banner match patterns of other phishing emails. <\/li>
- The sender of this email it outside the university. <\/li>
- Legitimate messages from Human Resources will come from an @pugetsound.edu address. <\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/p>\n\n\n\n
The link led to a fake Outlook Web App log in page on betimar[.]com\/OWA\/. Do not enter your credentials on sites you do not recognize. Remember, the website to log in to your Puget Sound email is webmail.pugetsound.edu. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-10-22-payroll-phish-link-1-1024x617.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: <\/strong>sheree.henton[@]bisd[.]net
Subject:<\/strong> RE: Payroll Earning Statement<\/p>\n\n\n\nYour Earning Statement for the month of February is attached in the link below. All staff & employees are expected to verify their email account for a new payroll directory and adjustments for the month of February. Kindly Click Earning-Statement and complete the required directive to avoid ‘Hold’ of your benefit payment for February 2022.<\/p>\n\n\n\n
Thank you,
Payroll Admin Department.<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message NOTE: If you received this message, please simply delete it as it is NOT legitimate. Do not click on the link. Tips for Detection Emails containing threats to withhold payment or terminate your account and asking you to click a link to verify your email are generally not legitimate. A sense of […]<\/p>\n","protected":false},"author":521,"featured_media":631,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=629"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/629\/revisions"}],"predecessor-version":[{"id":643,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/629\/revisions\/643"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/631"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}