Original Phishing Message

NOTE: If you received this message, it is NOT legitimate. Do not follow the link.

Tips for Detection

• This message may be difficult to spot as it takes the form of a real Google Document share. Look for mismatches between the actual sender’s name/email address (e.g. James Wilson has shared the following item) versus the name mentioned in the description of the document share (e.g. Isiaah Crawford sent a request to view the file).
• Notice that the individual sharing the document is outside Puget Sound. When you see the yellow/orange banner in a Google Drive share email that says “[email address or name] is outside your organiztion”, please use extra caution.
• Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc. Frequently, the shared document will include a note to click a link to open the actual document – however, this link will generally lead to a site that asks for your credentials (e.g. fake login website, web form).
• If you’re not expecting a shared document, use extra caution before clicking on the link.

If you would like to prevent an email address from being able to use Google Drive to share files with you, you can block them: https://support.google.com/drive/answer/10613533.

Text of Phishing Message

From: James Wilson (via Google Drive) <drive-shares-dm-noreply[@]google[.]com>
Subject: Item shared with you: “ADMIN”

James Wilson shared an item

James Wilson (wilsonj[@]region-12[.]org) has shared the following item:

Fwd: Isiaah Crawford sent a request to view the file.

Isiaah Crawford
President
University of Puget Sound