{"id":858,"date":"2022-09-21T09:12:23","date_gmt":"2022-09-21T16:12:23","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=858"},"modified":"2022-09-21T09:13:34","modified_gmt":"2022-09-21T16:13:34","slug":"phishing-from-9-20-22-password-alert-and-password-warning","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/858","title":{"rendered":"Phishing from 9\/20\/22: &#8220;PASSWORD ALERT&#8221; and &#8220;PASSWORD WARNING&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<p><strong><em>NOTE: If you received this message, simply delete it as it is not legitimate. <\/em><\/strong><\/p>\n\n\n\n<p><strong>From:<\/strong> ZAbdulla27[@]health[.]gov[.]bh<br><strong>Subject:<\/strong> PASSWORD ALERT<br><strong>Subject:<\/strong> Password alert<br><strong>Subject:<\/strong> PASSWORD WARNING <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"661\" height=\"181\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/09\/9-20-22-password-phish.png\" alt=\"\" class=\"wp-image-859\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/09\/9-20-22-password-phish.png 661w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/09\/9-20-22-password-phish-300x82.png 300w\" sizes=\"auto, (max-width: 661px) 100vw, 661px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Notice the maroon caution banner preprended to the message. The banner is added to messages that match patterns of previous phishing attempts. <\/li><li>The language implies a sense of false urgency. Legitimate notices about password expiration will begin 14 days prior to the impending password expiration. You will never be asked to click on a link to keep your password or stop password expiration.<\/li><li>The link leads to a malicious website borriss-website[.]mypagecloud[.]com. Always hover over links to see where they lead.<\/li><li>This sender is an individual from outside the university \u2014 note the sending address.<\/li><li>Remember \u2013 do not share your credentials with anybody, submit it on online forms, or enter it on sites you do not recognize.<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From:<\/strong> ZAbdulla27[@]health[.]gov[.]bh<br><strong>Subject:<\/strong> PASSWORD ALERT<br><strong>Subject:<\/strong> Password alert<br><strong>Subject:<\/strong> PASSWORD WARNING  <\/p>\n\n\n\n<p>Attention !!<\/p>\n\n\n\n<p>Your password will expire in 24hrs, to stop this Click here<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message NOTE: If you received this message, simply delete it as it is not legitimate. From: ZAbdulla27[@]health[.]gov[.]bhSubject: PASSWORD ALERTSubject: Password alertSubject: PASSWORD WARNING Tips for Detection Notice the maroon caution banner preprended to the message. The banner is added to messages that match patterns of previous phishing attempts. The language implies a sense [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":859,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-858","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=858"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/858\/revisions"}],"predecessor-version":[{"id":861,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/858\/revisions\/861"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/859"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}