{"id":794,"date":"2022-07-21T12:04:30","date_gmt":"2022-07-21T19:04:30","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=794"},"modified":"2022-07-21T17:10:23","modified_gmt":"2022-07-22T00:10:23","slug":"phishing-from-7-21-22-ups-servicehelpdesk","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/794","title":{"rendered":"Phishing from 7\/21\/22: “UPS\/ServiceHelpDesk”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

NOTE: If you received this message, please delete it and DO NOT click on any links. The email is NOT legitimate and does not originate from Technology Services.<\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.<\/li>
  • The email is not sent from an @pugetsound.edu address.<\/li>
  • Notice the stretched out university logo.<\/li>
  • Though the hyperlinked text appears to be for a pugetsound.edu site, hovering over the link reveals that the true destination goes to the URL ubsdskillindia[.]com\/wp-content\/pugetsound.edu\/page\/.<\/li>
  • Technology Services will not ask you to click a link to \u201cavoid login interruption.\u201d<\/li><\/ul>\n\n\n\n

    <\/p>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From: ssterenberg[@]teampbs[.]com
    Subject: UPS\/ServiceHelpDesk<\/p>\n\n\n\n

    Your UPS account settings are out-of-date. To improve all student\/faculty\/staff account user experience, privacy policy update is required to avoid login interruption.<\/p>\n\n\n\n

    Privacy Policy Action Required Now<\/p>\n\n\n\n

    Visit Information Technology [link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message NOTE: If you received this message, please delete it and DO NOT click on any links. The email is NOT legitimate and does not originate from Technology Services. Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing […]<\/p>\n","protected":false},"author":521,"featured_media":795,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=794"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/794\/revisions"}],"predecessor-version":[{"id":797,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/794\/revisions\/797"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/795"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}