{"id":919,"date":"2022-11-11T09:50:36","date_gmt":"2022-11-11T17:50:36","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=919"},"modified":"2022-11-11T09:52:25","modified_gmt":"2022-11-11T17:52:25","slug":"phishing-from-11-11-2022-action-required-password-expiration-for-usernamepugetsound-edu-user","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/919","title":{"rendered":"Phishing from 11\/11\/2022: &#8220;Action Required: Password Expiration for [USERNAME]@PUGETSOUND.EDU user&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"435\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-11-22-password-phish-1-1024x435.png\" alt=\"\" class=\"wp-image-921\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-11-22-password-phish-1-1024x435.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-11-22-password-phish-1-300x128.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-11-22-password-phish-1-768x326.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-11-22-password-phish-1.png 1202w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This sender is an individual from outside the university \u2014 note the sending address.<\/li><li>Legitimate notices about password expiration will begin 14 days prior to the impending password expiration. <\/li><li>You will never be asked to click on a link to keep your password. Hovering over the link reveals that it leads to http:\/\/ee[.]bzhu1[.]francoradiooldies[.]com which is not a Puget Sound website. <\/li><li>Remember \u2013 do not share your credentials with anybody or enter it on online forms.<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: info[@]mckinleyhomebuilders[.]com<br><strong>Subject<\/strong>: Action Required: Password Expiration for [<em>USERNAME]<\/em>@PUGETSOUND.EDU user<\/p>\n\n\n\n<p>Microsoft Office 365<\/p>\n\n\n\n<p>Hi [<em>USERNAME<\/em>]@PUGETSOUND.EDU<\/p>\n\n\n\n<p>Your password is expiring in the next (2) days.<\/p>\n\n\n\n<p>Monday, November 8, 2022 : 5:09:54 PM<\/p>\n\n\n\n<p>Keep My Password<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection This sender is an individual from outside the university \u2014 note the sending address. Legitimate notices about password expiration will begin 14 days prior to the impending password expiration. You will never be asked to click on a link to keep your password. Hovering over the link reveals that [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":921,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-919","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=919"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/919\/revisions"}],"predecessor-version":[{"id":924,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/919\/revisions\/924"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/921"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}