Pending Payment - Phish Bowl

1.0Phish Bowlhttps://wp.uthscsa.edu/phishbowlPending Payment - Phish Bowlrich600338<blockquote class="wp-embedded-content" data-secret="7ruSAcgrfi"><a href="https://wp.uthscsa.edu/phishbowl/uncategorized/1571/">Pending Payment</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://wp.uthscsa.edu/phishbowl/uncategorized/1571/embed/#?secret=7ruSAcgrfi" width="600" height="338" title="“Pending Payment” — Phish Bowl" data-secret="7ruSAcgrfi" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://wp.uthscsa.edu/phishbowl/wp-includes/js/wp-embed.min.js /* ]]> */ </script> This email has a number of red flags. The email address appears different from the actual address and even uses the username of the recipient as the domain name. The salutation just has the username instead of a proper name. Hovering over the “Open Secure Document” link reveals a redirect to a site that has […]https://wp.uthscsa.edu/phishbowl/wp-content/uploads/sites/90/2023/01/20230105PendingPayment.png