{"id":1780,"date":"2024-01-02T13:42:47","date_gmt":"2024-01-02T19:42:47","guid":{"rendered":"https:\/\/wp.uthscsa.edu\/phishbowl\/?p=1780"},"modified":"2024-01-02T13:42:47","modified_gmt":"2024-01-02T19:42:47","slug":"suspicious-login-detected","status":"publish","type":"post","link":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/","title":{"rendered":"Suspicious Login Detected"},"content":{"rendered":"<p>This email is designed to have you access the PDF file in someone&#8217;s Google Drive or contact the email address to find out what to do next. This is a scam and the PDF file probably has malicious code.<\/p>\n<p>See the Red Flags listed below for information on why this is not a legitimate email.<\/p>\n<p><strong>Suspicious Email Address:<\/strong> The sender&#8217;s email address appears to be from a domain that is not an official Wells Fargo domain.<\/p>\n<p><strong>Urgency in Subject Line:<\/strong> The subject &#8220;Suspicious Login Detected &#8211; Online Access ID Blocked &#8211; Validate Online Access Immediately.pdf&#8221; is designed to create a sense of urgency, a common tactic in phishing emails to prompt hasty actions from the recipient.<\/p>\n<p><strong>Shared PDF Document:<\/strong> Phishers often use PDFs or other document types as bait to get recipients to open attachments that may contain malicious links or software. Banks will never share sensitive information over a google document.<\/p>\n<p><strong>Mismatched Information:<\/strong> The email is flagged as originating from Google Drive, but the sender is supposedly representing Wells Fargo.<\/p>\n<p><strong>Generic Heading and Branding:<\/strong> The email does not list the recipients name. Typically all official financial communications will address the recipient by name. Additionally, the branding in the email looks generic. Typically, official communications from a bank will include specific branding and a more professional design layout.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1781\" src=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\" alt=\"Screenshot of email\" width=\"1574\" height=\"950\" srcset=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png 1574w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected-550x332.png 550w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected-800x483.png 800w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected-768x464.png 768w, https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected-1536x927.png 1536w\" sizes=\"auto, (max-width: 1574px) 100vw, 1574px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This email is designed to have you access the PDF file in someone&#8217;s Google Drive or contact the email address to find out what to do next. This is a scam and the PDF file probably has malicious code. See the Red Flags listed below for information on why this is not a legitimate email. [&hellip;]<\/p>\n","protected":false},"author":412,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1780","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Suspicious Login Detected - Phish Bowl<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Suspicious Login Detected - Phish Bowl\" \/>\n<meta property=\"og:description\" content=\"This email is designed to have you access the PDF file in someone&#8217;s Google Drive or contact the email address to find out what to do next. This is a scam and the PDF file probably has malicious code. See the Red Flags listed below for information on why this is not a legitimate email. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/\" \/>\n<meta property=\"og:site_name\" content=\"Phish Bowl\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-02T19:42:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\" \/>\n<meta name=\"author\" content=\"gerwitz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"gerwitz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/\"},\"author\":{\"name\":\"gerwitz\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/2095530964cc8374433595be2eab7bde\"},\"headline\":\"Suspicious Login Detected\",\"datePublished\":\"2024-01-02T19:42:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/\"},\"wordCount\":225,\"image\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2024\\\/01\\\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/\",\"name\":\"Suspicious Login Detected - Phish Bowl\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2024\\\/01\\\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\",\"datePublished\":\"2024-01-02T19:42:47+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/2095530964cc8374433595be2eab7bde\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2024\\\/01\\\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\",\"contentUrl\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/wp-content\\\/uploads\\\/sites\\\/90\\\/2024\\\/01\\\/2023-12-28_11-37-05_Suspicious_Login_Detected.png\",\"width\":1574,\"height\":950,\"caption\":\"Screenshot of email\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/uncategorized\\\/1780\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Suspicious Login Detected\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#website\",\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/\",\"name\":\"Phish Bowl\",\"description\":\"Phish Bowl\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/#\\\/schema\\\/person\\\/2095530964cc8374433595be2eab7bde\",\"name\":\"gerwitz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g\",\"caption\":\"gerwitz\"},\"url\":\"https:\\\/\\\/wp.uthscsa.edu\\\/phishbowl\\\/author\\\/gerwitz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Suspicious Login Detected - Phish Bowl","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/","og_locale":"en_US","og_type":"article","og_title":"Suspicious Login Detected - Phish Bowl","og_description":"This email is designed to have you access the PDF file in someone&#8217;s Google Drive or contact the email address to find out what to do next. This is a scam and the PDF file probably has malicious code. See the Red Flags listed below for information on why this is not a legitimate email. [&hellip;]","og_url":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/","og_site_name":"Phish Bowl","article_published_time":"2024-01-02T19:42:47+00:00","og_image":[{"url":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png","type":"","width":"","height":""}],"author":"gerwitz","twitter_card":"summary_large_image","twitter_misc":{"Written by":"gerwitz","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#article","isPartOf":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/"},"author":{"name":"gerwitz","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/2095530964cc8374433595be2eab7bde"},"headline":"Suspicious Login Detected","datePublished":"2024-01-02T19:42:47+00:00","mainEntityOfPage":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/"},"wordCount":225,"image":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#primaryimage"},"thumbnailUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/","name":"Suspicious Login Detected - Phish Bowl","isPartOf":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#primaryimage"},"image":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#primaryimage"},"thumbnailUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png","datePublished":"2024-01-02T19:42:47+00:00","author":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/2095530964cc8374433595be2eab7bde"},"breadcrumb":{"@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#primaryimage","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png","contentUrl":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2024\/01\/2023-12-28_11-37-05_Suspicious_Login_Detected.png","width":1574,"height":950,"caption":"Screenshot of email"},{"@type":"BreadcrumbList","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/uncategorized\/1780\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wp.uthscsa.edu\/phishbowl\/"},{"@type":"ListItem","position":2,"name":"Suspicious Login Detected"}]},{"@type":"WebSite","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#website","url":"https:\/\/wp.uthscsa.edu\/phishbowl\/","name":"Phish Bowl","description":"Phish Bowl","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wp.uthscsa.edu\/phishbowl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wp.uthscsa.edu\/phishbowl\/#\/schema\/person\/2095530964cc8374433595be2eab7bde","name":"gerwitz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1e6628f5d379deb64268f4658e72b047dd7498c88eed2f376a82d36778aa1632?s=96&d=mm&r=g","caption":"gerwitz"},"url":"https:\/\/wp.uthscsa.edu\/phishbowl\/author\/gerwitz\/"}]}},"_links":{"self":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts\/1780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/users\/412"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/comments?post=1780"}],"version-history":[{"count":0,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/posts\/1780\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/media?parent=1780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/categories?post=1780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-json\/wp\/v2\/tags?post=1780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}