Go to the U of M home page

Monday, December 10, 2018

Example 225: Doc701234.docx

Google doc containing phishing link sent to steal login information.

Message Text:

From: Some Name (via Google Drive) <SomeName@gmail.com>
Date: Mon, Dec 10, 2018 at 12:08 PM
Subject: Doc701234.docx
To:
Cc:
SomeName@gmail.com has shared the following document:
Doc701234.docx
<https://drive.google.com/file/d/xxxxx>
[image: Unknown profile photo]John Coleman as shared a file with you
Open
<https://drive.google.com/file/d/XXXXX>
SomeName@gmail.com is outside your organization.
Google Drive: Have all your files within reach from any device.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [image:
Logo for Google Drive] <https://drive.google.com>
Linked Doc/ Login Page:

Image of Google Doc and linked Fake Login Form
Image of Google Doc and linked Fake Login Form
Things to Note:

  • Email really comes from a Gmail account (anonymized here as "SomeName")
  • Link in email takes user to a real Google Doc 
  • Google Doc goes to a Forged Office 365 web login
Recommended Action:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.