{"id":926,"date":"2022-11-15T09:29:52","date_gmt":"2022-11-15T17:29:52","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=926"},"modified":"2022-11-15T09:29:53","modified_gmt":"2022-11-15T17:29:53","slug":"phishing-from-11-14-22-important-service-request-reminder-from-pugetsound","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/926","title":{"rendered":"Phishing from 11\/14\/22: &#8220;Important Service Request-Reminder from Pugetsound&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"559\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-14-22-microsoft-it-phish-1-1024x559.png\" alt=\"\" class=\"wp-image-928\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-14-22-microsoft-it-phish-1-1024x559.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-14-22-microsoft-it-phish-1-300x164.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-14-22-microsoft-it-phish-1-768x419.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-14-22-microsoft-it-phish-1.png 1250w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This sender is an individual from outside the university \u2014 note the sending address.<\/li><li>Legitimate notices about password expiration will begin 14 days prior to the impending password expiration.<\/li><li>You will never be asked to click on a link to keep your password. <\/li><li>The entire message is an image. This is a common method used by scammers to avoid detection by email spam filters. Hovering over the image shows that it hyperlinks to 737928737928.737928[.]ian[.]co[.]za. This is not a Puget Sound website and is suspicious. <\/li><li>Remember &#8211; do not enter your username\/password on websites you do not recognize. <\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>From<\/strong>: Technical Dept-IT &lt;john[@]sfmtraining[.]co[.]uk><br><strong>Subject<\/strong>: Important Service Request-Reminder from Pugetsound <\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Microsoft<\/p>\n\n\n\n<p>Microsoft account<\/p>\n\n\n\n<p>Password Expiration Notice<\/p>\n\n\n\n<p>Dear User:<\/p>\n\n\n\n<p>Your password is set to expire today<\/p>\n\n\n\n<p>Tuesday, 14 November 2022<\/p>\n\n\n\n<p>We encourage you to re-confirm with same password to avoid login interruption.<\/p>\n\n\n\n<p>Keep My Password<\/p>\n\n\n\n<p>Note: Microsoft will not be held responsible for any account loss<\/p>\n\n\n\n<p>Thank you,<\/p>\n\n\n\n<p>Copyright Microsoft Corporation 2022. All Rights Reserved<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection This sender is an individual from outside the university \u2014 note the sending address. Legitimate notices about password expiration will begin 14 days prior to the impending password expiration. You will never be asked to click on a link to keep your password. The entire message is an image. [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":928,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-926","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=926"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/926\/revisions"}],"predecessor-version":[{"id":929,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/926\/revisions\/929"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/928"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}