Original Phishing Message

From: no-reply[@]sharepointonline[.]com
Subject: Kenneth Allard shared “Dept Evaluation-” with you.

Where Did the Link Lead?

The link led to a SharePoint site that contained a link to another file. If you ever see a document share that looks similar to the one below, it is most likely phishing.

The second link goes to a Google Form asking for your credentials. NEVER enter your password on online forms. There are generally no legitimate purposes for collecting credentials via Google Forms, Microsoft Forms, SurveyMonkey, Qualtrics, etc. Even though the platform being used is legitimate, the purpose is likely nefarious, and entering your password may lead to an attacker taking over your account.

Tips for Detection

  • Though the email was sent through a legitimate Microsoft service (SharePoint), it came from somebody outside the organization who was attempting to impersonate President Crawford.
  • Be wary of document shares that you are not expecting. Online collaboration tools are a frequent vehicle for phishing attacks.
  • Many document share phishing emails contain enticing subject lines like “Dept Evaluation”, “Dept Assessment”, or “Annual Faculty Evaluations”.
  • Though the links led to legitimate sites such as Microsoft SharePoint and Google Forms, the content displayed should raise suspicion. Remember to NEVER enter passwords on online forms.
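
The warning signs above can also be checked mechanically when triaging a reported message. The following is an added example, not part of the original notice: the sender set, the regular expressions, the form-URL list, the `triage` function and its `followed_urls` parameter (links an analyst found on the shared page) are all assumptions, and the sample message is constructed from the text on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message text on this page (defanging removed).
SAMPLE = '''From: no-reply@sharepointonline.com
Subject: Kenneth Allard shared "Dept Evaluation-" with you.

Kenneth Allard shared a file with you

fwd: Dr. ISIAAH CRAWFORD shared a File with you using One Drive.

Dept Evaluation-
'''

SHARE_SENDERS = {"no-reply@sharepointonline.com"}
# Lure wording taken from the subject lines listed in the tips.
LURE = re.compile(r"\b(dept|faculty)\s+(evaluations?|assessment)", re.I)
# Captures the name in "<name> shared ...", ignoring a leading "fwd:" or "Dr.".
SHARER = re.compile(r"^(?:fwd:\s*)?(?:dr\.\s*)?(.+?)\s+shared\b", re.I | re.M)
# Assumed URL patterns for the form platforms the page names; extend as needed.
FORM_URL = re.compile(
    r"^https?://(?:docs\.google\.com/forms/|forms\.gle/|forms\.office\.com/"
    r"|(?:[\w-]+\.)*surveymonkey\.com/|(?:[\w-]+\.)*qualtrics\.com/)", re.I)

def triage(raw, followed_urls=()):
    """Return the warning signs found in one SharePoint share notification."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    signs = []
    if parseaddr(msg.get("From", ""))[1].lower() not in SHARE_SENDERS:
        return signs  # not a share notification; out of scope for this check
    if LURE.search(subject) or LURE.search(body):
        signs.append("lure-subject")
    # The account that shared the file vs. the person the note claims to be from.
    names = {n.strip().lower() for n in SHARER.findall(subject + "\n" + body)}
    if len(names) > 1:
        signs.append("sharer-name-mismatch")
    if any(FORM_URL.match(u) for u in followed_urls):
        signs.append("form-platform-link")
    return signs

if __name__ == "__main__":
    print(triage(SAMPLE, ["https://docs.google.com/forms/d/e/EXAMPLE/viewform"]))
```

A hit is a reason to look closer, not a verdict: legitimate shares can match the lure wording, so the name mismatch and the form link carry the most weight.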

Text of Phishing Message

From: no-reply[@]sharepointonline[.]com
Subject: Kenneth Allard shared “Dept Evaluation-” with you.

Kenneth Allard shared a file with you

fwd: Dr. ISIAAH CRAWFORD shared a File with you using One Drive.

Dept Evaluation-