Original Phishing Message

NOTE: If you received this message, please delete it or use the option to “block the sender” from Drive as it is NOT legitimate.

Tips for Detection

• This message may be difficult to spot as it takes the form of a real Google Document share. Look for mismatches between the actual sender’s name/email address (e.g. Adam Hille has shared the following item) versus the name mentioned in the description of the document share (e.g. Dr. Isiaah Crawford shared a File).
• Notice the mismatch between the file share being from Google where the text mentions OneDrive.
• Notice that the individual sharing the document is outside Puget Sound. When you see the yellow/orange banner in a Google Drive share email that says “[email address or name] is outside your organiztion”, please use extra caution.
• Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc. Frequently, the shared document will include a note to click a link to open the actual document – however, this link will generally lead to a site that asks for your credentials (e.g. fake login website, web form).
• If you’re not expecting a shared document, use extra caution before clicking on the link.

If you would like to prevent an email address from being able to use Google Drive to share files with you, you can block them: https://support.google.com/drive/answer/10613533.

Text of Phishing Message

From: Adam Hille (via Google Drive) <drive-shares-dm-noreply[@]google[.]com>
Subject: Item shared with you: “Employee Report.pdf”

Adam Hille shared an item

Adam Hille (ahille[@]isd2835[.]org) has shared the following item:
fwd: Dr. Isiaah Crawford shared a File with you using One Drive.

Employee Report.pdf