1 Apr 2019 05:56:19 -0700 From: "manhattan.edu" <email@example.com> To: ██████.██████@manhattan.edu Message-ID: <20190401055619.AF1B5635B08A35FE@support.com> Matched rules Dear ██████.██████, Your Email Account (██████.██████@manhattan.edu) password is set to expire in 3 days, it will expire on. *4 Apr 2019*. We recommend you to click the Email Settings below to confirm your email password to avoid login interruptions. Email Setings Best Regards, *Note:**Please do not ignore this message.* 2019 ⓒ manhattan.edu account team.
The link, which is removed in the above, appears to go to google.com but actually redirects to a malicious site.
The above link is similar to the malicious URL, and uses yahoo.com instead of the malicious site. Google is currently blocking this redirection, which is for the best.
|Screenshot showing Google blocking this redirection phishing exploit.|
ITS reported the email with full headers using the Google reporting form. Also ITS blocked access to the malicious website from our campus. Any off-campus user can still accidentally visit the website though. Thankfully this email was not delivered to a single inbox within our organization.