{"id":89,"date":"2020-10-05T14:16:02","date_gmt":"2020-10-05T21:16:02","guid":{"rendered":"http:\/\/blogs.pugetsound.edu\/infosec\/?p=89"},"modified":"2023-02-09T12:05:00","modified_gmt":"2023-02-09T20:05:00","slug":"simulated-phishing-breakdown-alert-microsoft-detected-ransomware","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/simulated-phishing\/89","title":{"rendered":"NCSAM 2020: Simulated Phishing Breakdown #1"},"content":{"rendered":"

Original Simulated Phishing Message<\/h2>\n

Note: This email was sent by Technology Services to simulate a real phishing email as part of National Cyber Security Awareness Month. <\/em> Visit pugetsound.edu\/NCSAM2020<\/a> for more information. <\/em>The goal of simulated phishing is to provide an interactive way for campus members to learn how to quickly recognize and handle phishing emails.<\/em><\/p>\n

\"\"<\/p>\n

Tips for Detection<\/h2>\n

Caution Banner<\/h4>\n

Technology Services adds a “Caution” banner at the top of email messages containing specific keywords that have appeared on multiple occassions in previous phishing attacks. If you see this banner, proceed with caution. Please know that the absence of the banner does NOT necessarily mean an email is safe.<\/p>\n

Invoking Fear and Urgency<\/h4>\n

Ransomware is definitely a real threat and this message is meant to incite a panicked response. Nobody wants to lose their important files or be threatened to pay bitcoin to recover documents. The sense of urgency can prompt anybody to desire quick action to resolve the situation.<\/p>\n

Don’t fall for it! Stop and think.<\/p>\n

Impersonating Microsoft Support<\/h4>\n

Many phishing emails and browser pop-ups impersonate Microsoft. Though it would be benevolent of Microsoft to be on the lookout for everyone, their support team does NOT in fact email people if a computer running Windows becomes infected with malware.<\/p>\n

As always, check the sending email address and hover over hyperlinked text to see where it leads. You will notice that this email does not originate from the microsoft.com domain.<\/p>\n

Text of Simulated Phishing Message<\/h2>\n

From: Microsoft Support <ransomwarenotice[@]gmail[.]conn>
\nSubject: ALERT – Microsoft Detected Ransomware<\/p>\n

Hello,<\/span><\/p>\n

Microsoft Security Essentials has detected ransomware on your computer. The ransomware will encrypt all your files and you will lose all access to your documents and pictures.<\/span><\/p>\n

To prevent the ransomware from spreading, click this link immediately to start a remote session with a Microsoft Customer Support representative who will walk you through removing the threat. Microsoft is committed to your security and has agents ready to help you.<\/span><\/p>\n

Thank you,
\nMicrosoft Corporation
\n1 Microsoft Way, Redmond, WA, 98052<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Original Simulated Phishing Message Note: This email was sent by Technology Services to simulate a real phishing email as part of National Cyber Security Awareness Month. Visit pugetsound.edu\/NCSAM2020 for more information. The goal of simulated phishing is to provide an interactive way for campus members to learn how to quickly recognize and handle phishing emails. […]<\/p>\n","protected":false},"author":521,"featured_media":90,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[3],"class_list":["post-89","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-simulated-phishing","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=89"}],"version-history":[{"count":5,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/89\/revisions"}],"predecessor-version":[{"id":986,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/89\/revisions\/986"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/90"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=89"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=89"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}