![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/05\/5-31-22-maintenance-phish.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Notice the maroon caution banner prepended to the message. Messages with this banner match previous phishing attempts. <\/li>
- Technology Services will not ask you to click on a link to update your email. <\/li>
- Notice the reference to “Pugetsound University” instead of “University of Puget Sound”.<\/li>
- Always hover over hyperlinked text. In this case, it was tricky as it appeared to go to a pugetsound.edu website. However, hovering over the link reveals the link would go to https:\/\/www[.]cognitoforms[.]com\/elizabethphanllc\/maintenanceupdate or https:\/\/7a815daf[.]sibforms[.]com\/. <\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/p>\n\n\n\n
Note: If you entered your credentials on this form, please call the Service Desk as soon as possible at 253-879-8585 (option 2) as your password is compromised.<\/em><\/strong><\/p>\n\n\n\n
The link led to a fake form intended to steal your credentials: https:\/\/www[.]cognitoforms[.]com\/elizabethphanllc\/maintenanceupdate. Never enter credentials on web forms or on sites you do not recognize. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/05\/5-31-22-maintenance-phish-link-1024x535.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From: <\/strong>akhanna5[@]lion[.]lmu[.]edu OR hamj[@]gvsu[.]edu
Subject: <\/strong>Maintenance<\/p>\n\n\n\nPUGETSOUND UNIVERSITY\/Office365 service is currently undergoing scheduled maintenance on our mail servers due to high levels of queued emails.<\/p>\n\n\n\n
All users are mandated to complete this update.
https:\/\/www[.]pugetsound[.]edu\/technology-support\/help-support [LINK REMOVED<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message Note: If you received this message or a similar one, please delete it and do not click on any links. The message is NOT legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. Messages with this banner match previous phishing attempts. Technology Services will not ask you to […]<\/p>\n","protected":false},"author":521,"featured_media":745,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=744"}],"version-history":[{"count":3,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/744\/revisions"}],"predecessor-version":[{"id":751,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/744\/revisions\/751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/745"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}