{"id":966,"date":"2023-01-26T13:37:18","date_gmt":"2023-01-26T21:37:18","guid":{"rendered":"https:\/\/blogs.pugetsound.edu\/infosec\/?p=966"},"modified":"2023-01-26T17:04:16","modified_gmt":"2023-01-27T01:04:16","slug":"phishing-from-01-26-23-document-shared-with-you-2023-faculty-evaluation-pdf-docx","status":"publish","type":"post","link":"https:\/\/blogs.pugetsound.edu\/infosec\/the-phish-tank\/966","title":{"rendered":"PHISHING FROM 01\/26\/23: \u201cDocument shared with you: “2023 FACULTY EVALUATION.pdf.docx”\u201d"},"content":{"rendered":"\n

Original Phishing Message<\/h2>\n\n\n\n

From:\u00a0<\/strong>drive-shares-dm-noreply[@]google[.]com
Display name:<\/strong> Emma Zaragoza
Subject:\u00a0<\/strong>Document shared with you: “2023 FACULTY EVALUATION.pdf.docx”<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Tips for Detection<\/h2>\n\n\n\n
  • Notice that the individual sharing the document is\u00a0outside\u00a0<\/em><\/strong>Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says \u201c[email address<\/em>] is outside your organiztion\u201d, please use extra caution.<\/li>
  • Look for mismatches between the email address in the body of the email versus the display name.<\/li>
  • Many phishing attempts utilize legitimate cloud collaboration services such as Google Drive, OneDrive, Dropbox, etc.<\/li>
  • If you\u2019re not expecting a shared document, use extra caution before clicking on the link.<\/li>
  • Be wary of document shares that you are not expecting. Online collaboration tools are a frequent method of phishing attacks.<\/li>
  • Many document share phishing emails contain enticing subject lines like “Memo”, \u201cDept Evaluation\u201d, \u201cDept Assessment\u201d, or \u201cAnnual Faculty Evaluations\u201d.<\/li><\/ul>\n\n\n\n

    Where Did the Link Lead?<\/h2>\n\n\n\n

    Though the link does indeed go to Google Drive, the file contains a link to another site that aims to harvest your credentials. Use extra caution with shortened URLs such as tinyurl.com or bit.ly as it\u2019s difficult to tell where the link will actually lead.<\/p>\n\n\n\n

    Tips to reveal the full URL behind a shortened URL \u2013 For tinyurl links, type\u00a0preview<\/strong>\u00a0between the\u00a0https:\/\/<\/strong>\u00a0and\u00a0tinyurl<\/strong>\u00a0in the hyperlink. For bitl.y links, add a\u00a0+<\/strong>\u00a0at the end of the URL. There are various websites that provide link expanding services as well.<\/p><\/blockquote>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Text of Phishing Message<\/h2>\n\n\n\n

    From:\u00a0<\/strong>drive-shares-dm-noreply[@]google[.]com
    Display name:<\/strong> Emma Zaragoza
    Subject:\u00a0<\/strong>Document shared with you: “2023 FACULTY EVALUATION.pdf.docx” <\/p>\n\n\n\n

    Emma Zaragoza shared a document <\/p>\n\n\n\n

    Emma Zaragoza (emma.zaragoza[@]sheboyganchristian[.]com) has invited you to view the following document:<\/p>\n\n\n\n

    FWD: Amy Hackett has invited you to view the following file that need urgent attention.<\/p>\n\n\n\n

    2023 FACULTY EVALUATION.pdf.docx<\/p>\n\n\n\n

    If you don’t want to receive files from this person, block the sender from Drive.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Original Phishing Message From:\u00a0drive-shares-dm-noreply[@]google[.]comDisplay name: Emma ZaragozaSubject:\u00a0Document shared with you: “2023 FACULTY EVALUATION.pdf.docx” Tips for Detection Notice that the individual sharing the document is\u00a0outside\u00a0Puget Sound. When you see the yellow\/orange banner in a Google Drive share email that says \u201c[email address] is outside your organiztion\u201d, please use extra caution. Look for mismatches between the email […]<\/p>\n","protected":false},"author":643,"featured_media":967,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-966","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=966"}],"version-history":[{"count":2,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/966\/revisions"}],"predecessor-version":[{"id":1036,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/966\/revisions\/1036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/967"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}