![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-17-22-email-maintennace-phish-1024x501.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Notice the maroon caution banner prepended to the message. This indicates the message matches patterns of previous phishing attempts. <\/li>
- Legitimate emails about your Puget Sound account will generally come from an @pugetsound.edu address. This message came from rasha[@]hammad[.]com. <\/li>
- Notice the sense of urgency in the wording “avoid login interruption” and “required now”. Be cautious as many phishing emails contain a false sense of urgency. <\/li>
- Always hover over links! In this case, the hyperlink appears to go to a pugetsound.edu site. However, if you hover over it, you will see that it would actually take you to the website https:\/\/prestadores[.]oftalmed[.]pt\/office47\/new\/index.html. <\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/p>\n\n\n\n
The link led to a website https:\/\/prestadores[.]oftalmed[.]pt\/office47\/new\/index[.]html designed to steal your Puget Sound username and password. Never enter your credentials on sites you do not recognize. <\/p>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/11-17-22-email-maintennace-phish-link-1024x430.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/p>\n\n\n\n
From:<\/strong> rasha[@]hammad[.]com
Subject: <\/strong>Email maintenance<\/p>\n\n\n\nYour UPS UNIVERSITY EMAIL account settings are out-of-date. To improve all student\/faculty\/staff account user experience, privacy policy update is required to avoid login interruption.<\/p>\n\n\n\n
Privacy Policy Action Required Now<\/p>\n\n\n\n
Visit [link removed<\/em>]<\/p>\n","protected":false},"excerpt":{"rendered":"
Original Phishing Message NOTE: If you received this message, please simply delete it and do not click on the link. This email is NOT legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. This indicates the message matches patterns of previous phishing attempts. Legitimate emails about your Puget Sound account will […]<\/p>\n","protected":false},"author":521,"featured_media":931,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=930"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/930\/revisions"}],"predecessor-version":[{"id":935,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/930\/revisions\/935"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/931"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}