6550-Uthscsa: Accept the proposal and return

The email below has been confirmed as malicious or fraudulent by the Information Security department. If you have received this phishing email, do not open any attachments or follow the link(s) in the message; simply delete the email.

This phishing email targeting UTHSCSA employees leverages several tactics to deceive recipients and avoid detection. Here are the key elements and red flags:

  • Suspicious Branding and Font: The DocuSign logo appears distorted and irregular, which is a common indicator of a phishing attempt. Authentic emails from companies typically maintain consistent and professional branding.
  • Sender Address and Display Name: The email is sent from “no-reply@clarelocke.com,” a domain that is not recognized by or associated with DocuSign or UTHSCSA.
  • Malicious Link: The “Review Document” button contains a malicious URL that initiates a complex redirection chain. This tactic involves multiple intermediate URLs to obscure the final destination, making it harder for antivirus (AV) software to detect malicious intent. By redirecting through various seemingly harmless sites, it evades initial security checks and ultimately leads to a phishing site designed to harvest user credentials or install malware.
  • Redirection Chain Tactic: The email embeds multiple redirects in the URL, each redirect passing through a different server. The final malicious destination is hidden behind several layers, each layer potentially being a legitimate or benign site. This method not only complicates the detection process by AV tools but also reduces the chance of triggering suspicion from the recipient.
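
As an added example (not part of the original advisory), the following Python code shows how a mail filter or analyst script could unpack redirect targets nested in a link's query string and flag the kind of chain described above. The sample link uses constructed example.* hosts, and the expected-host list and `max_hosts` threshold are assumptions to adjust locally.

```python
from urllib.parse import urlsplit, parse_qsl, quote

# Assumption: hosts the organisation accepts for the impersonated brand.
EXPECTED_BRAND_HOSTS = ("docusign.com", "docusign.net")

# Constructed sample: three layers on reserved example.* hosts.
SAMPLE_FINAL = "https://login.example.org/docs/review"
SAMPLE_HOP = "https://cdn.example.net/out?to=" + quote(SAMPLE_FINAL, safe="")
SAMPLE_LINK = "https://track.example.com/click?id=42&url=" + quote(SAMPLE_HOP, safe="")

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def embedded_url_chain(link, max_depth=10):
    """Return [link, URL nested in its query, URL nested in that one, ...]."""
    chain = [link]
    for _ in range(max_depth):
        # parse_qsl percent-decodes each value once, peeling one encoding layer.
        values = [v for _, v in parse_qsl(urlsplit(chain[-1]).query)]
        nested = [v for v in values if v.lower().startswith(("http://", "https://"))]
        if not nested:
            break
        chain.append(nested[0])
    return chain

def on_expected_host(url, expected=EXPECTED_BRAND_HOSTS):
    # Match the domain itself or a true subdomain, so that a lookalike such as
    # docusign.com.example.org does not pass.
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in expected)

def assess_link(link, expected=EXPECTED_BRAND_HOSTS, max_hosts=2):
    chain = embedded_url_chain(link)
    hosts = list(dict.fromkeys(host_of(u) for u in chain))  # ordered, de-duplicated
    reasons = []
    if len(hosts) > max_hosts:
        reasons.append("link passes through %d distinct hosts" % len(hosts))
    if not on_expected_host(chain[-1], expected):
        reasons.append("final host %s is not an expected brand host" % host_of(chain[-1]))
    return {"hosts": hosts, "final": chain[-1], "reasons": reasons}

if __name__ == "__main__":
    for key, value in assess_link(SAMPLE_LINK).items():
        print(key, "=", value)
```

This only sees redirects that are visible in the URL string itself; hops issued by the server (HTTP 3xx responses or script-based redirects) have to be observed by following the link in an isolated sandbox.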
