{"id":12235,"date":"2017-06-30T11:15:16","date_gmt":"2017-06-30T09:15:16","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=12235"},"modified":"2017-07-26T10:38:31","modified_gmt":"2017-07-26T08:38:31","slug":"phishing-mail-disguised-as-a-password-expiry-mail-from-information-technology","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2017\/06\/phishing-mail-disguised-as-a-password-expiry-mail-from-information-technology\/","title":{"rendered":"[:en]Phishing email: &#8220;Password Expiry&#8221; from Information Technology[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p>This morning\u2019s attempt at fooling users into divulging personal information like usernames, e-mail addresses and passwords and attempts to disguise itself as an email from the \u201cITS help desk\u201d<\/p>\n<p>Here is what it looks like: (We have removed the dangerous parts)<\/p>\n<hr \/>\n<p><em>From: Karen L. <\/em>Mcdonah [mailto:spoofed<em> or compromised e-mail address]<\/em><\/p>\n<p><em>Sent: Thursday, 29 June 2017 17:41<\/em><\/p>\n<p><em>To: Karen L. <\/em>Mcdonah<em> &lt;spoofed mail to disguise the sender&gt;<\/em><\/p>\n<p><em>Subject: IT SERVICE DESK<\/em><\/p>\n<p><em>Your password Will Expire In The Next TWO HOURS Current Mail User Should Please Log On To <strong><u>IT-WEBSITE<\/u><\/strong> To Validate Your E-mail Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.<\/em><\/p>\n<p><em>ITS help desk<\/em><\/p>\n<p><em>ADMIN TEAM<\/em><\/p>\n<p><em>\u00a9Copyright 2017 Microsoft<\/em><\/p>\n<p><em>All Right Reserve<\/em><\/p>\n<hr \/>\n<p>That is it. The classic signs of a phishing email should be obvious.<\/p>\n<ol>\n<li>Unknown or undisclosed sender.<\/li>\n<li>Disguised to make it look like it comes from a legitimate sender (like Information Technology)<\/li>\n<li>Threatening or intimidating users into doing something quickly without checking.<\/li>\n<li>Poor grammar and spelling.<\/li>\n<li>Encourages users to click on a link in the email (which takes them to a server under the control of the criminals where they are asked to provide usernames, email addresses and old and new passwords)<\/li>\n<li>The phishing server is not encrypted (http:\/\/ instead of <a href=\"https:\/\/\">https:\/\/<\/a>) so passwords and user data are captured in plain readable text.<\/li>\n<\/ol>\n<p>Here is what the phishing site looks like. It uses a \u201cthrow-away\u201d website provider. The criminals will use this site for a couple of hours and then close it once they have obtained their intended victim&#8217;s personal data. (which makes it financially very lucrative!)<\/p>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-12236\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry-500x239.jpg\" alt=\"\" width=\"500\" height=\"239\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry-500x239.jpg 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry-300x143.jpg 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry-768x367.jpg 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2017\/06\/phishing_password_expiry.jpg 932w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: right;\">[ARTICLE BY DAVID WILES]<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] This morning\u2019s attempt at fooling users into divulging personal information like usernames, e-mail addresses and passwords and attempts to disguise itself as an email from the \u201cITS help desk\u201d Here is what it looks like: (We have removed the dangerous parts) From: Karen L. Mcdonah [mailto:spoofed or compromised e-mail address] Sent: Thursday, 29 June [&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,29187],"tags":[20381],"class_list":["post-12235","post","type-post","status-publish","format-standard","hentry","category-email","category-security-2","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-23 00:59:56","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=12235"}],"version-history":[{"count":3,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12235\/revisions"}],"predecessor-version":[{"id":12303,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12235\/revisions\/12303"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=12235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=12235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=12235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}