Original Phishing Message

From: drive-shares-dm-noreply[@]google[.]com //  wright.jasper[@]newton[.]k12[.]ga[.]us
Display name: Jasper Wright
Subject: Document shared with you: “Pugetsound/review”

Tips for Detection

• Notice that the individual sharing the document is outside Puget Sound. When you see the yellow/orange banner in a Google Drive share email that says “[email address] is outside your organiztion”, please use extra caution.
• Look for mismatches between the email address in the body of the email versus the display name.
• Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.
• If you’re not expecting a shared document, use extra caution before clicking on the link.
• Be wary of document shares that you are not expecting. Online collaboration tools are a frequent method of phishing attacks.
• Many document share phishing emails contain enticing subject lines like “Memo”, “Dept Evaluation”, “Dept Assessment”, or “Annual Faculty Evaluations”.

Where Did the Link Lead?

Though the link does indeed go to Google Drive, the file contains a link to a Google Form that aims to harvest your credentials.

Never enter your password in an online form or on a website you do not recognize.

Text of Phishing Message

From: drive-shares-dm-noreply[@]google[.]com
Display name: Jasper Wright
Subject: Document shared with you: “Pugetsound/review”

Jasper Wright (wright.jasper[@]newton[.]k12[.]ga[.]us) has invited you to view the following document:

Jasper Wright shared a document

Pugetsound/review

Open

If you don’t want to receive files from this person, block the sender from Drive.