![\"Screenshot](\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2025\/12\/20251203MyUTHealthIMS.png\")
<\/p>\nThis is a dangerous email, because it doesn’t have the usual red flags. The only red flag it had was it was sent outside of normal business hours. This tactic targets mobile users, making it easier to overlook other warning signs.<\/p>\n
There is an embedded image with a hidden malicious link in the body of the email.<\/p>\n
<\/p>\n
The primary aim was to capture employees’ login credentials and mobile phone numbers.<\/p>\n
Attack Mechanism:<\/strong> <\/p>\n","protected":false},"excerpt":{"rendered":" This is a dangerous email, because it doesn’t have the usual red flags. The only red flag it had was it was sent outside of normal business hours. This tactic targets mobile users, making it easier to overlook other warning signs. There is an embedded image with a hidden malicious link in the body of […]<\/p>\n","protected":false},"author":412,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2041","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\nUpon clicking the link in the image, users were directed to a fraudulent page prompting them to enter their login details and mobile number.
\nThe attackers then utilized the stolen credentials and phone number to initiate a Duo 2FA phone call, which unsuspecting users approved.
\nThis granted the attackers access to change account passwords and modify bank direct deposit information.<\/p>\n![\"Screenshot](\"https:\/\/wp.uthscsa.edu\/phishbowl\/wp-content\/uploads\/sites\/90\/2025\/12\/20251203MyUTHealthIMS2.png\")
<\/p>\n