{"id":814,"date":"2022-08-04T15:25:35","date_gmt":"2022-08-04T22:25:35","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=814"},"modified":"2022-08-04T15:40:57","modified_gmt":"2022-08-04T22:40:57","slug":"phishing-from-8-4-2022-work-from-home-position-who","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/814","title":{"rendered":"Phishing from 8\/4\/2022: &#8220;Work-From-Home Position (WHO)&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong><em>NOTE: If you received this email, DO NOT reply or provide information. This message is a job scam and is NOT legitimate. <\/em><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"304\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-4-22-who-phish-1-1024x304.png\" alt=\"\" class=\"wp-image-820\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-4-22-who-phish-1-1024x304.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-4-22-who-phish-1-300x89.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-4-22-who-phish-1-768x228.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/08\/8-4-22-who-phish-1.png 1165w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Beware of job scams and anything that seems too good to be true. Being offered $500\/week for 3-6 hours of work should be suspicious.<\/li><li>Being asked to provide a personal email address with no reasonable explanation should be suspicious. This is common in phishing emails so that attackers can continue communicating with you with less protections in place.<\/li><li>The attachment provides the contact information of the purported WHO employer as dianne.arnold[@]whoemployments[.]org. A legitimate individual working for the WHO will likely have an email address matching WHO\u2019s website who.int.<\/li><li>Please see Career and Employment Services\u2019 site for helpful tips on how to identify job scams:\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.pugetsound.edu\/career-and-employment-services\/ces-students\/job-search-resources\/job-seeker-beware\" target=\"_blank\">https:\/\/www.pugetsound.edu\/career-and-employment-services\/ces-students\/job-search-resources\/job-seeker-beware<\/a><\/li><li>Please see the FTC\u2019s page on fraudulent job offers:\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/consumer.ftc.gov\/articles\/job-scams\" target=\"_blank\">https:\/\/consumer.ftc.gov\/articles\/job-scams<\/a>.<\/li><li>If you are ever unsure about a message\u2019s legitimacy, contact the Technology Service Desk.<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From: <\/strong>drios[@]tormaxusa[.]com<br><strong>Subject<\/strong>: Work-From-Home Position (WHO)<br><strong>Reply-to<\/strong>: dianne.arnold[@]whoemployments[.]org<\/p>\n\n\n\n<p>I am sharing a Part-Time job opportunity with a weekly pay of $500.00 from World Health Organization (WHO).<\/p>\n\n\n\n<p>Read the attached document for further information about the employment. If interested, follow the steps in the document and contact Ms. Dianne Arnold with your personal email address ( Gmail, Yahoo or Hotmail, etc.), for more details on the employment.<\/p>\n\n\n\n<p>Take note; this is strictly a work-from-home position.<\/p>\n\n\n\n<p>Sincerely,<\/p>\n\n\n\n<p>Daniel Rios<\/p>\n\n\n\n<p>HR Manager<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message NOTE: If you received this email, DO NOT reply or provide information. This message is a job scam and is NOT legitimate. Tips for Detection Beware of job scams and anything that seems too good to be true. Being offered $500\/week for 3-6 hours of work should be suspicious. Being asked to [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":815,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-814","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/814","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=814"}],"version-history":[{"count":5,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/814\/revisions"}],"predecessor-version":[{"id":823,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/814\/revisions\/823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/815"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}