{"id":604,"date":"2022-02-04T13:20:13","date_gmt":"2022-02-04T21:20:13","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=604"},"modified":"2022-02-04T13:37:28","modified_gmt":"2022-02-04T21:37:28","slug":"phishing-from-2-4-2022-document-shared-with-you-annual-faculty-evaluations-docx","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/604","title":{"rendered":"Phishing from 2\/4\/2022: “Document shared with you: ‘Annual Faculty Evaluations.docx'”"},"content":{"rendered":"\n
Original Phishing Message<\/p>\n\n\n\n
Note: If you received this message or a message similar to this, please simply delete it as this message is NOT legitimate.<\/em><\/strong><\/p>\n\n\n\n
From:<\/strong> IT HelpDesk (via Google Drive) <drive-shares-dm-noreply[@]google[.]com> Subject:<\/strong> Document shared with you: “Annual Faculty Evaluations.docx” <\/p>\n\n\n\n
The body of the email will likely contain text like “[Department Chair<\/em>] shared a file with you.”<\/p>\n\n\n\n<\/figure>\n\n\n\n
Tips for Detection<\/p>\n\n\n\n
Notice that the individual sharing the document is outside <\/em><\/strong>Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says “[email address<\/em>] is outside your organiztion”, please use extra caution. <\/li>
Look for mismatches between the email address in the body of the email versus the display name. <\/li>
Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.<\/li>
If you’re not expecting a shared document, use extra caution before clicking on the link. <\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-4-22-google-drive-phish-1024x840.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/02\/2-4-22-google-drive-phish-link-1024x426.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"