{"id":893,"date":"2022-10-13T10:27:48","date_gmt":"2022-10-13T17:27:48","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=893"},"modified":"2022-10-13T10:27:50","modified_gmt":"2022-10-13T17:27:50","slug":"phishing-from-10-13-2022-item-shared-with-you-it-support-help-desk-pdf","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/893","title":{"rendered":"Phishing from 10\/13\/2022: &#8220;Item shared with you: &#8216;IT SUPPORT\/HELP-DESK.pdf'&#8221;"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Original Phishing Message<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"383\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-1024x383.png\" alt=\"\" class=\"wp-image-894\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-1024x383.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-300x112.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-768x287.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-1536x574.png 1536w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-1440x538.png 1440w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish.png 1803w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Tips for Detection<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Though the message was sent using Google Drive document sharing, use caution if you do not recognize the sender or the sender is outside your organization.<\/li><li>Notice the mismatch between the sender (e.g. Adam Hille) versus the name mentioned in the sharing note (e.g. President ISIAAH CRAWFORD) versus the title of the document (e.g. IT SUPPORT\/HELP-DESK). This should be suspicious.<\/li><\/ul>\n\n\n\n<p class=\"has-large-font-size\">Where Did the Link Lead?<\/p>\n\n\n\n<p>The link led to a PDF stored on Google Drive containing another link to a Google Form that asked for your password. Never enter your credentials or sensitive personal information on online forms.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1-1024x581.png\" alt=\"\" class=\"wp-image-895\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1-1024x581.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1-300x170.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1-768x436.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1-1440x817.png 1440w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link1.png 1443w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"650\" src=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link2-1024x650.png\" alt=\"\" class=\"wp-image-896\" srcset=\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link2-1024x650.png 1024w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link2-300x190.png 300w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link2-768x487.png 768w, https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/10\/10-13-22-gdoc-share-phish-link2.png 1440w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-large-font-size\">Text of Phishing Message<\/p>\n\n\n\n<p><strong>Subject: <\/strong>Item shared with you: &#8220;IT SUPPORT\/HELP-DESK.pdf&#8221;<\/p>\n\n\n\n<p>Adam Hille shared an item<\/p>\n\n\n\n<p>Adam Hille (ahille[@]isd2835[.]org) has shared the following item:<br>fwd: President ISIAAH CRAWFORD shared a File with you using One Drive.<\/p>\n\n\n\n<p>IT SUPPORT\/HELP-DESK.pdf<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Phishing Message Tips for Detection Though the message was sent using Google Drive document sharing, use caution if you do not recognize the sender or the sender is outside your organization. Notice the mismatch between the sender (e.g. Adam Hille) versus the name mentioned in the sharing note (e.g. President ISIAAH CRAWFORD) versus the [&hellip;]<\/p>\n","protected":false},"author":521,"featured_media":894,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3],"class_list":["post-893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=893"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/893\/revisions"}],"predecessor-version":[{"id":897,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/893\/revisions\/897"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/894"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}