Original Phishing Message

Note: If you received this message or a message similar to this, please simply delete it as this message is NOT legitimate.

From: IT HelpDesk (via Google Drive) <drive-shares-dm-noreply[@]google[.]com>
Subject: Document shared with you: “Annual Faculty Evaluations.docx”

The body of the email will likely contain text like “[Department Chair] shared a file with you.”

Tips for Detection

• Notice that the individual sharing the document is outside Puget Sound. When you see the yellow/orange banner in a Google Drive share email that says “[email address] is outside your organiztion”, please use extra caution.
• Look for mismatches between the email address in the body of the email versus the display name.
• Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.
• If you’re not expecting a shared document, use extra caution before clicking on the link.

If you would like to prevent an email address from being able to use Google Drive to share files with you, you can block them: https://support.google.com/drive/answer/10613533.

Where Did the Link Lead?

Though the link does indeed go to Google Drive, the file contains a link to another site that aims to harvest your credentials. The hyperlinked text goes to tinyurl[.]com/5xarpmev. Use extra caution with shortened URLs such as tinyurl.com or bit.ly as it’s difficult to tell where the link will actually lead.

Tips to reveal the full URL behind a shortened URL – For tinyurl links, type preview between the https:// and tinyurl in the hyperlink. For bitl.y links, add a + at the end of the URL. There are various websites that provide link expanding services as well.