Posts written by soukupg

(ADVANCE) WARNING!!!

February 8, 2024

This phishing email is intended to redirect users to a Google form that will harvest their credentials and allow the attackers to bypass two-factor authentication. This email is particularly dangerous because, if successful, attackers will be able to gain network-level access through the use of the stolen two-factor authentication code. Below are […]


Kindly review changes and amendments in Uthscsa policy

January 25, 2024

This phishing email attempts to impersonate the UTHSCSA HR department and direct employees to review a policy update through a QR code. The QR code redirects to a known Russian-based phishing campaign site. The key red flags are as follows: External Sender Address: The email claims to be from UTHSCSA HR but is sent from […]


uthscsa.edu TODAY

January 23, 2024

This email is an example of an attempt to harvest logon credentials by impersonating the UTHSCSA Support desk and prompting users to log on to the malicious link. The key red flags are the following: External Sender Address: The email comes from an external domain with no relation to UT Health. This is a major red […]


Office 365 Expires Today

January 18, 2024

This email is a phishing attempt posing as an Office 365 expiration alert that uses urgency to prompt immediate action. The sender’s address and mismatched domain aim to deceive the recipient, while a conspicuous call-to-action button seeks to harvest credentials. Grammatical errors and external email warnings are telltale signs of its illegitimate nature. Below are […]


ndcourts.gov

January 12, 2024

This email serves as a perfect example of the use of compromised or spoofed domains. The email appears to come from a legitimate .gov domain (ndcourts.gov). Government domains, such as .gov, inherently carry a sense of authority and trustworthiness. Users are more likely to believe the authenticity of an email sent from a .gov address, […]


System Notifications | Uthscsa

January 9, 2024

This is an example of a more targeted attack, in which the attackers attempted to imitate an official Uthscsa notification targeted at a specific user. Below are the red flags to identify this phishing attempt: Suspicious Sender Address: The sender’s email address doesn’t match the official domain of the organization it’s supposedly sent from; it’s […]


New Teams Document in Uthscsa Teams

January 9, 2024

Review the Red Flags that show this email is a Phish/Malware: Sender’s Email Address: The sender’s address appears suspicious and does not match the official email format of the purported organization (Microsoft Teams in this case). Mismatched URL: The displayed URL text and the actual hyperlink (shown by the red arrow) do not match, and […]