
In this example, scammers use Google Drive's collaboration feature to send push notifications from Google itself that deliver malicious content. The email may contain a non-UMN URL, a OneDrive notification, and/or a link to Google Workspace.
The scammers’ goal is to get you to open a Google Doc containing a link to either malware or a fake login page.
Note: Our University email addresses and Internet IDs are considered public data (unless they are suppressed). Scammers often collect email addresses off the Internet for their scam recipients.
Indicators of Phishing
- Document names (not exhaustive): DC.docx, Evaluation.docx, EVALUATION FORM.docx, Faculty Evaluation.docx, Evaluation.pdf
- The name and email of the person sharing the document do not match the name or email of the purported UMN person sharing the document
- First line of the message is "[Non-UMN email address] shared a document"
- Non-standard English grammar and spelling errors
- Contains a link to a docx or PDF -- Always a red flag!
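The indicators listed above, expressed as a check over a Drive share notification. This is an added example, not code from the original page or the University; the sample message, its placeholder addresses, the `ORG_DOMAIN` value and the function name are assumptions.

```python
import re
from email import message_from_string

# Document names listed on this page (the page notes the list is not exhaustive).
KNOWN_LURE_NAMES = {"dc.docx", "evaluation.docx", "evaluation form.docx",
                    "faculty evaluation.docx", "evaluation.pdf"}
ORG_DOMAIN = "umn.edu"  # assumption: the organization's own mail domain

# Constructed sample modeled on Example 2; every address is a placeholder.
SAMPLE = """\
From: Tiana Jordan (via Google Drive) <drive-notify@example.com>
Subject: Document shared with you: "DC.docx"
To: <recipient@example.edu>

sender123@example.net shared a document
sender123@example.net has shared the following document:
Josh Berlo shared a file with you.
DC.docx
sender123@example.net is outside your organization.
"""

def phishing_indicators(raw):
    """Return the set of this page's indicators found in a Drive share notice."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    hits = set()
    # Shared file name as quoted in the Subject header.
    m = re.search(r'shared with you: "([^"]+)"', msg.get("Subject", ""))
    doc = m.group(1).lower() if m else ""
    if doc in KNOWN_LURE_NAMES:
        hits.add("known_document_name")
    if doc.endswith((".docx", ".pdf")):
        hits.add("docx_or_pdf")
    # First body line: "<address> shared a document/an item", address outside the org.
    first = re.match(r"\S+@(\S+) shared (a document|an item)$", lines[0] if lines else "")
    if first and first.group(1).lower() != ORG_DOMAIN:
        hits.add("external_sharer_first_line")
    if any(ln.endswith("is outside your organization.") for ln in lines):
        hits.add("outside_organization_banner")
    # Display name in From vs. the person the message body claims shared the file.
    display = re.sub(r"\s*(\(via Google Drive\))?\s*<.*$", "", msg.get("From", "")).strip()
    claim = re.search(r"^(.+?) (?:has )?shared a file with", body, re.M)
    if claim and display and claim.group(1).strip().lower() != display.lower():
        hits.add("sharer_name_mismatch")
    return hits

if __name__ == "__main__":
    print(sorted(phishing_indicators(SAMPLE)))
```

The check does not cover the grammar and spelling indicator, which needs human judgment.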
What to do if you receive one of these:
- Do not reply, click the link(s), log in (if you do click the link), or approve a Duo push.
- Forward the scam email, with headers, to [email protected].
- For more information, please see: How to Manage Spam Emails.
Example 1:
From: hbarnett (via Google Drive) <[email protected]>
Date: Fri, Jun 18, 2021 at 4:36 AM
Subject: Item shared with you: "Evaluation.pdf"
To: <[email protected]>
Cc: big CC list
[email protected] shared an item
[email protected] has shared the following item:
FDW: Gabel Joan has shared a file with One Drive.
Evaluation.pdf
[email protected] is outside your organization.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because [email protected] shared a file or folder located in Google Drive with you.
Example 2:
From: Tiana Jordan (via Google Drive) <[email protected]>
Date: Tue, Jun 22, 2021 at 5:00 PM
Subject: Document shared with you: "DC.docx"
To: <[email protected]>
Cc: big CC list
[email protected] shared a document
[email protected] has shared the following document:
Josh Berlo shared a file with you.
DC.docx
[email protected] is outside your organization.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because [email protected] shared a file or folder located in Google Drive with you.