{"id":331,"date":"2021-03-17T12:17:59","date_gmt":"2021-03-17T19:17:59","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=331"},"modified":"2021-03-17T12:27:27","modified_gmt":"2021-03-17T19:27:27","slug":"phishing-from-3-17-21-adjunct-evaluation-2-docx","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/331","title":{"rendered":"Phishing from 3\/17\/21: &#8220;Adjunct Evaluation (2).docx&#8221;"},"content":{"rendered":"\n<p class=\"has-medium-font-size\">If you received an email with the following indicators, please delete the email and <strong>do not<\/strong> click the link.<\/p>\n\n\n\n<p><strong>From:<\/strong> &#8220;IT Helpdesk (via Google Drive)&#8221; ithelpdesk3790[@]gmail[.]com<br><strong>Subject line: <\/strong>Adjunct Evaluation (2).docx<\/p>\n\n\n\n<p>Though the email appears very similar to a legitimate Google Doc share, that does not mean it is safe. The content of the file could contain malicious links or there could be a password-protected file containing malware. <\/p>\n\n\n\n<p class=\"has-large-font-size\">Tips for Spotting Fake Cloud-Sharing Emails<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Were you expecting it?<\/strong> If you were not expecting a shared document, use caution before clicking links or opening attachments.<\/li><li><strong>Did it seem overly vague? <\/strong>There is no name associated with who shared the document which should be suspicious. Something generic like \u201ccommitteechair\u201d or \u201cdepartmentchair\u201d or &#8220;IT Helpdesk&#8221; are frequently used in phishing attacks. Further, the document title seems vague enough to seem relevant to anyone.<\/li><li><strong>Was it from the correct email address? <\/strong>For legitimate shared Google documents, expect the message to be sent with a display name like this: \u201cJane Logger (via Google Docs).\u201d The sending email address should be: \u201cdrive-shares-noreply@google.com.\u201d<\/li><li><strong>Is the linked document password protected? <\/strong>Normally, a file is scanned for viruses before it is uploaded to a cloud service like Google Drive or Microsoft OneDrive. However, if the file is password protected, the automatic malware scan cannot occur since the file is encrypted. If you receive a link to a cloud storage site and the email includes a password to unlock the file, use caution. <\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you received an email with the following indicators, please delete the email and do not click the link. From: &#8220;IT Helpdesk (via Google Drive)&#8221; ithelpdesk3790[@]gmail[.]comSubject line: Adjunct Evaluation (2).docx Though the email appears very similar to a legitimate Google Doc share, that does not mean it is safe. The content of the file could [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":337,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-331","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=331"}],"version-history":[{"count":4,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/331\/revisions"}],"predecessor-version":[{"id":339,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/331\/revisions\/339"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/337"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}