Original Phishing Message

From: drive-shares-dm-noreply[@]google[.]com
Display name: Emma Zaragoza
Subject: Document shared with you: “2023 FACULTY EVALUATION.pdf.docx”

Tips for Detection

  • Notice that the individual sharing the document is outside Puget Sound. When you see the yellow/orange banner in a Google Drive share email that says “[email address] is outside your organization”, please use extra caution.
  • Look for mismatches between the email address in the body of the email versus the display name.
  • Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.
  • If you’re not expecting a shared document, use extra caution before clicking on the link.
  • Be wary of document shares that you are not expecting. Online collaboration tools are a frequent vehicle for phishing attacks.
  • Many document share phishing emails contain enticing subject lines like “Memo”, “Dept Evaluation”, “Dept Assessment”, or “Annual Faculty Evaluations”.
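
The tips above can be applied as an automated first-pass check on a Drive share notification. The Python below is an added example, not part of the original advisory. Assumptions: the organization domain example.edu and the sharer address at sender.example are placeholders, and the double-extension check on the file name is an extra indicator beyond the listed tips.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.edu"  # assumption: placeholder for your organization's domain
LURE_WORDS = ("memo", "evaluation", "assessment")  # subject lures named in the tips
SHARER_RE = re.compile(r"\(([^()\s@]+)@([^()\s@]+)\)\s+has invited you")
DOUBLE_EXT_RE = re.compile(r"\.(?:pdf|docx?|xlsx?)\.(?:pdf|docx?|xlsx?|html?)\b", re.I)

def triage_share(raw):
    """Return a list of indicator strings for one Drive share notification."""
    msg = message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    findings = []
    sharer = SHARER_RE.search(body)
    if sharer:
        local, domain = sharer.group(1).lower(), sharer.group(2).lower()
        # Sharer address in the body is outside the organization.
        if domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN):
            findings.append("external-sharer:" + domain)
        # Display name shares no name part with the address in the body.
        name_parts = re.findall(r"[a-z]+", display_name.lower())
        if name_parts and not any(p in local for p in name_parts):
            findings.append("display-name-mismatch")
    # Added indicator (assumption): document name carries two file extensions.
    if DOUBLE_EXT_RE.search(subject):
        findings.append("double-extension")
    # Subject contains one of the enticing words from the tips.
    if any(word in subject.lower() for word in LURE_WORDS):
        findings.append("lure-subject")
    return findings

SAMPLE = (  # constructed message modeled on the notification shown on this page
    'From: "Emma Zaragoza" <drive-shares-dm-noreply@google.com>\n'
    'Subject: Document shared with you: "2023 FACULTY EVALUATION.pdf.docx"\n'
    "\n"
    "Emma Zaragoza (emma.zaragoza@sender.example) has invited you to view "
    "the following document:\n"
)

if __name__ == "__main__":
    for finding in triage_share(SAMPLE):
        print(finding)
```

An empty result does not mean the share is safe; the checks only surface the indicators listed above for a human to review.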

Where Did the Link Lead?

Though the link does indeed go to Google Drive, the file contains a link to another site that aims to harvest your credentials. Use extra caution with shortened URLs such as tinyurl.com or bit.ly as it’s difficult to tell where the link will actually lead.

Tips to reveal the full URL behind a shortened URL – For tinyurl links, type preview between the https:// and tinyurl in the hyperlink. For bit.ly links, add a + at the end of the URL. There are various websites that provide link expanding services as well.

Text of Phishing Message

From: drive-shares-dm-noreply[@]google[.]com
Display name: Emma Zaragoza
Subject: Document shared with you: “2023 FACULTY EVALUATION.pdf.docx”

Emma Zaragoza shared a document

Emma Zaragoza (emma.zaragoza[@]sheboyganchristian[.]com) has invited you to view the following document:

FWD: Amy Hackett has invited you to view the following file that need urgent attention.

2023 FACULTY EVALUATION.pdf.docx

If you don’t want to receive files from this person, block the sender from Drive.