{"id":1039,"date":"2023-03-09T13:21:53","date_gmt":"2023-03-09T21:21:53","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=1039"},"modified":"2023-03-10T08:20:31","modified_gmt":"2023-03-10T16:20:31","slug":"phishing-from-03-09-23-document-shared-with-you-pugetsound-review","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/1039","title":{"rendered":"Phishing from 03\/09\/23: \u201cDocument shared with you: ‘Pugetsound\/review'”"},"content":{"rendered":"\n

Original Phishing Message<\/h2>\n\n\n\n

From: <\/strong>drive-shares-dm-noreply[@]google[.]com \/\/  wright.jasper[@]newton[.]k12[.]ga[.]us
Display name:<\/strong> Jasper Wright
Subject: <\/strong>Document shared with you: “Pugetsound\/review”<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/h2>\n\n\n\n
  • Notice that the individual sharing the document is outside <\/em><\/strong>Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says \u201c[email address<\/em>] is outside your organiztion\u201d, please use extra caution.<\/li>
  • Look for mismatches between the email address in the body of the email versus the display name.<\/li>
  • Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.<\/li>
  • If you\u2019re not expecting a shared document, use extra caution before clicking on the link.<\/li>
  • Be wary of document shares that you are not expecting. Online collaboration tools are a frequent method of phishing attacks.<\/li>
  • Many document share phishing emails contain enticing subject lines like “Memo”, \u201cDept Evaluation\u201d, \u201cDept Assessment\u201d, or \u201cAnnual Faculty Evaluations\u201d.<\/li><\/ul>\n\n\n\n

    Where Did the Link Lead?<\/h2>\n\n\n\n

    Though the link does indeed go to Google Drive, the file contains a link to a Google Form that aims to harvest your credentials. <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Never enter your password in an online form or on a website you do not recognize.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/h2>\n\n\n\n

    From: <\/strong>drive-shares-dm-noreply[@]google[.]com
    Display name:<\/strong> Jasper Wright
    Subject: <\/strong>Document shared with you: “Pugetsound\/review” <\/p>\n\n\n\n

    Jasper Wright (wright.jasper[@]newton[.]k12[.]ga[.]us) has invited you to view<\/strong> the following document:<\/p>\n\n\n\n

    Jasper Wright shared a document <\/p>\n\n\n\n

    Pugetsound\/review <\/p>\n\n\n\n

    Open<\/p>\n\n\n\n

    If you don’t want to receive files from this person, block the sender from Drive.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message From: drive-shares-dm-noreply[@]google[.]com \/\/  wright.jasper[@]newton[.]k12[.]ga[.]usDisplay name: Jasper WrightSubject: Document shared with you: “Pugetsound\/review” Tips for Detection Notice that the individual sharing the document is outside Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says \u201c[email address] is outside your organiztion\u201d, please use extra caution. Look for mismatches between the email […]<\/p>\n","protected":false},"author":643,"featured_media":1040,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-1039","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1039"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1039\/revisions"}],"predecessor-version":[{"id":1047,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/1039\/revisions\/1047"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/1040"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=1039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=1039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}