{"id":77,"date":"2020-09-24T13:26:39","date_gmt":"2020-09-24T20:26:39","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=77"},"modified":"2020-09-24T13:26:39","modified_gmt":"2020-09-24T20:26:39","slug":"phishing-example-from-9-24-20-re-covid-19-alert-system","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/77","title":{"rendered":"Phishing Example from 9\/24\/20: &#8220;Re: COVID-19 Alert System&#8221;"},"content":{"rendered":"<blockquote>\n<h2>Security Tip: Phishing emails sometimes contain &#8220;Re:&#8221; in the subject line to give a false indication that the sender is replying to a message you sent. Don&#8217;t fall for it!<\/h2>\n<\/blockquote>\n<h2>Tips for Detection<\/h2>\n<ul>\n<li>Important updates to the university plan for COVID-19 would be communicated officially and exist on the university&#8217;s response to COVID-19 website<\/li>\n<li>The language of &#8220;IT Helpdesk&#8221; should be a giveaway that the message did not originate from Technology Services<\/li>\n<li>The &#8220;To&#8221; field contains a bogus help desk address<\/li>\n<li>The display name and external email address of the sender do not match the information in the signature of the email<\/li>\n<li>Hovering over the link reveals a site hosted on cabanova[.]com and not pugetsound.edu<\/li>\n<\/ul>\n<h2>Original Phishing Message<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-78\" src=\"http:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish.png\" alt=\"\" width=\"1872\" height=\"520\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish.png 1872w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish-300x83.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish-768x213.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish-1024x284.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2020\/09\/9-24-20-covid-phish-1440x400.png 1440w\" sizes=\"auto, (max-width: 1872px) 100vw, 1872px\" \/><\/p>\n<h2>Text of Phishing Message<\/h2>\n<p>Dear Staff,<\/p>\n<p>As we are preparing to enter the new phase of COVID-19 level. IT Helpdesk has introduced the Alert System to manage and minimize the risk of COVID-19. All Staff are required to Login COVID-19 Alert System to see their tasks and schedules.<\/p>\n<p>To access, Click on COVID-19 Alert System<\/p>\n<p>Take care and keep safe.<\/p>\n<p>Sincerely,<br \/>\nIT Helpdesk<br \/>\n\u00a92020 All rights reserved<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Tip: Phishing emails sometimes contain &#8220;Re:&#8221; in the subject line to give a false indication that the sender is replying to a message you sent. Don&#8217;t fall for it! Tips for Detection Important updates to the university plan for COVID-19 would be communicated officially and exist on the university&#8217;s response to COVID-19 website The [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":78,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-77","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=77"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":79,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/77\/revisions\/79"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/78"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}