{"id":825,"date":"2022-08-15T08:18:23","date_gmt":"2022-08-15T15:18:23","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=825"},"modified":"2022-08-15T08:20:53","modified_gmt":"2022-08-15T15:20:53","slug":"phishing-from-8-12-22-ups-out-of-date","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/825","title":{"rendered":"Phishing from 8\/12\/22: “UPS out of date”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

NOTE: If you received this message, simply delete it and do not click on any links. The message is not legitimate. <\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.<\/li>
  • The email is not sent from an @pugetsound.edu address.<\/li>
  • The entire body of the email is a hyperlinked image (instead of text) which should be suspicious. This is a method used by attackers to bypass email spam filters.<\/li>
  • Though the hyperlinked text appears to be for a pugetsound.edu site, hovering over the link reveals that the true destination goes to the URL securehelpinfo[.]com. <\/li>
  • Technology Services will not ask you to click a link to \u201cavoid login interruption.\u201d<\/li><\/ul>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From<\/strong>: mcdoashl[@]gvsu[.]edu
    Subejct<\/strong>: UPS out of date<\/p>\n\n\n\n

    Your UPS account settings are out-of-date. To improve all student\/faculty\/staff account user experience, privacy policy update is required to avoid login interruption. <\/p>\n\n\n\n

    Privacy Policy Action Required now<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message NOTE: If you received this message, simply delete it and do not click on any links. The message is not legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts. The email is not sent from […]<\/p>\n","protected":false},"author":521,"featured_media":826,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=825"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/825\/revisions"}],"predecessor-version":[{"id":829,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/825\/revisions\/829"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/826"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}