{"id":970,"date":"2023-01-26T17:02:50","date_gmt":"2023-01-27T01:02:50","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=970"},"modified":"2023-01-26T17:02:55","modified_gmt":"2023-01-27T01:02:55","slug":"phishing-from-01-25-2023-your-package-s-waiting-for-delivery","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/970","title":{"rendered":"PHISHING FROM 01\/25\/2023: \u201cYour package s waiting for delivery\u201d"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Original Phishing Message<\/h2>\n\n\n\n<p><strong>From:\u00a0<\/strong>no-reply[@]b24-zhui11[.]bitrix24[.]fr<br><strong>Subject:\u00a0<\/strong>Your package s waiting for delivery<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"671\" height=\"508\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-1.png\" alt=\"\" class=\"wp-image-975\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-1.png 671w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-1-300x227.png 300w\" sizes=\"auto, (max-width: 671px) 100vw, 671px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Tips for Detection<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>The email says it&#8217;s from USPS, but the style and color do not really match the company&#8217;s branding.<\/li><li>Look for mismatches between the email address in the body of the email and the display name.<\/li><li>Many phishing attempts utilize a time limit for an action, usually requiring payment.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Where Did the Link Lead?<\/h2>\n\n\n\n<p>The link went to a webpage that looks eerily like the official USPS website, even including a tracking page. 
However, the first thing you&#8217;ll notice is off is the URL at the top of the page, which reads &#8220;i-knowledge[.]com&#8221;. This page asks you to verify your address and other information. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"606\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-1024x606.png\" alt=\"\" class=\"wp-image-972\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-1024x606.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-300x178.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-768x455.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-1536x909.png 1536w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link-1440x852.png 1440w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2023\/01\/1-25-23-package-phish-link.png 1693w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Text of Phishing Message<\/h2>\n\n\n\n<p><strong>From:\u00a0<\/strong>no-reply[@]b24-zhui11[.]bitrix24[.]fr<br><strong>Subject:\u00a0<\/strong>Your package s waiting for delivery <\/p>\n\n\n\n<p>Hello [<em>username<\/em>]@pugetsound.edu!<\/p>\n\n\n\n<p>The package sent to you has been delivered to USPS Office and should be delivered within 48h. Please confirm the payment (0.92) on the link below within a maximum of 14 days before it expires. 
<\/p>\n\n\n\n<p>Follow My Package [<em>link removed<\/em>]<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message From:\u00a0no-reply[@]b24-zhui11[.]bitrix24[.]frSubject:\u00a0Your package s waiting for delivery Tips for Detection The email says its from USPS, but the style and color does not really match the company&#8217;s branding Look for mismatches between the email address in the body of the email versus the display name. Many phishing attempts utilize a time limit for [&hellip;]<\/p>\n","protected":false},"author":643,"featured_media":975,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-970","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=970"}],"version-history":[{"count":3,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/970\/revisions"}],"predecessor-version":[{"id":977,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/970\/revisions\/977"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/975"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pu
getsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}