Update – 2/4/2021

Similar phishing message from ppalomar[@]usa[.]edu with subject line “PaperWorks” has been reported. Read further for more information.

Original Phishing Message

Note: If you received this email, please simply delete the message. If you clicked on any links, please immediately contact the Service Desk for assistance. Always use caution before clicking links or opening attachments in emails you are not expecting.

Where Did the Link Lead?

The “View Document” hyperlink (https://docs[.]google[.]com/uc?export=download&id=1ItMUs2ynoGWJ_5RU2RMmpCUuqpH6UME9) does not look immediately suspicious as it leads to docs.google.com. However, you’ll notice that the link contains “=download” which triggers an immediate download of the file to your computer. Use caution whenever you see this in a URL.

The downloaded file was a .html file which would open in your browser like a webpage. It masquerades as a locked PDF file requiring you to sign in to view the document.

Any of the three options to sign in would then open a new dialog window to enter your email address and password. If you click “Login”, your credentials would be immediately sent to the attacker and your account would be compromised. Note: if you entered credentials, please immediately contact the Service Desk for assistance.

Text of Phishing Message

From: Ryan.Youell[@]Seattlecolleges[.]edu
Subject: PaperWork

Attention [username]@pugetsound.edu :

You have a secured and encrypted document waiting for you tagged “PaperWork” by Ryan Youell

View Document

Let me know your insights regarding the document. I appreciate your feedback.

Sincerely,

Ryan Youell