{"id":382,"date":"2021-05-10T15:01:49","date_gmt":"2021-05-10T22:01:49","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=382"},"modified":"2021-05-10T15:01:51","modified_gmt":"2021-05-10T22:01:51","slug":"phishing-from-5-9-21-daniel-garbutt-shared-doc-file-with-you","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/382","title":{"rendered":"Phishing from 5\/9\/21: “Daniel Garbutt shared ‘doc.File’ with you.”"},"content":{"rendered":"\n

Original Phishing Message<\/p>\n\n\n\n

Note: If you received this message, simply delete it and <\/em>do not click on any links. If you clicked on the link, please contact the Service Desk at 253-879-8585 so we may assist with ensuring the security of your account. <\/em><\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/p>\n\n\n\n

  • Cloud file sharing links are a very common technique used in phishing emails. Links in these emails are typically designed to steal your credentials or to download malware onto your computer. <\/li>
  • If you are not expecting a shared file from somebody you know or receive a document sharing link from somebody you do not know, always use extra caution. <\/li>
  • Notice the misspelling of “Isiaah” in the text of the email. It appears the sender was attempting to impersonate a campus member. <\/li>
  • Notice that the file extension in the linked document appears to be “.File” which is not a valid document type. An extremely generic document title like “doc.File” is suspicious. <\/li><\/ul>\n\n\n\n

    Text of Phishing Message<\/p>\n\n\n\n

    From:<\/strong> Daniel.Garbutt[@]usrowing[.]org
    Subject:<\/strong> Daniel Garbutt shared “doc.File” with you.<\/p>\n\n\n\n

    Daniel Garbutt shared a file with you. <\/p>\n\n\n\n

    FWD: siaah Crawford Shared a file with one drive.<\/p>\n\n\n\n

    doc.File<\/p>\n\n\n\n

    This link only works for the direct recipients of this message. <\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message Note: If you received this message, simply delete it and do not click on any links. If you clicked on the link, please contact the Service Desk at 253-879-8585 so we may assist with ensuring the security of your account. Tips for Detection Cloud file sharing links are a very common technique […]<\/p>\n","protected":false},"author":521,"featured_media":383,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=382"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/382\/revisions"}],"predecessor-version":[{"id":384,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/382\/revisions\/384"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/383"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}