{"id":764,"date":"2022-06-20T11:55:36","date_gmt":"2022-06-20T18:55:36","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=764"},"modified":"2022-06-20T12:00:55","modified_gmt":"2022-06-20T19:00:55","slug":"phishing-from-6-20-22-maintenance-status","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/764","title":{"rendered":"Phishing from 6\/20\/22: &#8220;maintenance status&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"409\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-1024x409.png\" alt=\"\" class=\"wp-image-765\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-1024x409.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-300x120.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-768x307.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-1536x613.png 1536w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-2048x818.png 2048w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.44.39-AM-1440x575.png 1440w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.<\/li><li>The email is not sent from an @pugetsound.edu address. <\/li><li>Hovering over the hyperlinked text reveals that the link does not take you to a pugetsound.edu site.<\/li><li>Technology Services will not ask you to click a link to &#8220;avoid login interruption.&#8221;<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The link led to a page designed to steal your account credentials. Do not enter your username\/password on sites you do not recognize or on online forms.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"633\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-1024x633.png\" alt=\"\" class=\"wp-image-767\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-1024x633.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-300x185.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-768x474.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-1536x949.png 1536w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-2048x1265.png 2048w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/06\/Screen-Shot-2022-06-20-at-11.58.18-AM-1440x890.png 1440w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: qmccarthy[@]teampbs[.]com<br><strong>Subject:<\/strong> maintenance status<\/p>\n\n\n\n<p>Your PS account settings are out-of-date. To improve all student\/faculty\/staff account user experience, privacy policy update is required to avoid login interruption. <\/p>\n\n\n\n<p>Privacy Policy Action Required Now<\/p>\n\n\n\n<p>Visit [<em>link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts. The email is not sent from an @pugetsound.edu address. Hovering over the hyperlinked text reveals that the link does not take you to a pugetsound.edu site. Technology [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":765,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-764","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=764"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/764\/revisions"}],"predecessor-version":[{"id":769,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/764\/revisions\/769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/765"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}