{"id":785,"date":"2022-07-20T13:08:46","date_gmt":"2022-07-20T20:08:46","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=785"},"modified":"2022-07-20T16:21:04","modified_gmt":"2022-07-20T23:21:04","slug":"phishing-from-7-20-2022-its-portal","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/785","title":{"rendered":"Phishing from 7\/20\/2022: “ITS PORTAL” and “UPS its”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

NOTE: If you received this message, please delete it and DO NOT click on any links. This message is NOT legitimate. <\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.<\/li>
  • The email is not sent from an @pugetsound.edu address.<\/li>
  • The entire body of the email is a hyperlinked image (instead of text) which should be suspicious. This is a method used by attackers to bypass email spam filters.<\/li>
  • Hovering over the hyperlinked image reveals that the link does not take you to a pugetsound.edu site and instead goes to mecaniquepetitetfilles[.]ca\/salesadmin\/update.<\/li>
  • Technology Services will not ask you to click a link to \u201cavoid login interruption.\u201d<\/li><\/ul>\n\n\n\n

    Where Did the Link Lead?<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From: <\/strong>replen[@]gvsu[.]edu or ssterenberg[@]teampbs[.]com
    Subject: <\/strong>ITS PORTAL<\/p>\n\n\n\n

    Your UPS account settings are out-of-date. To improve all student\/faculty\/staff account user experience, privacy policy update is required to avoid login interruption. <\/p>\n\n\n\n

    Privacy Policy Action Required Now<\/p>\n\n\n\n

    Visit [link removed<\/em>]<\/p>\n\n\n\n

    <\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message NOTE: If you received this message, please delete it and DO NOT click on any links. This message is NOT legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts. The email is not sent from […]<\/p>\n","protected":false},"author":521,"featured_media":787,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=785"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/785\/revisions"}],"predecessor-version":[{"id":793,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/785\/revisions\/793"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/787"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}