Phishing Alert: Google Docs Phishing

Threat Level: Low
Threat Type: Phishing
Advisory Date: 07/13/2023

Description

The University of Regina has received emails from Google Docs users sharing a malicious document. These emails can be difficult to block because they come from the generic Google Docs email account.

The sharing Google Account may be made to look like a member of staff, but it will typically have an external email address associated with it.

The shared doc will be a Google Docs document that either links to a malicious page or is itself malicious. Often the page or link will be a fake login page which records user credentials.

An example email message reads:

ledwards@starkvillesd.com shared a document

ledwards@starkvillesd.com has invited you to view the following document:

FWD:User Name shared a file request using one drive.

FACULTY EVALUATION.docx

ledwards@starkvillesd.com is outside your organization.

Open

If you don't want to receive files from this person, block the sender from Drive

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because ledwards@starkvillesd.com shared a document with you from Google Docs.
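
The indicators visible in the example message above can be checked mechanically. The following is an added example, not code from the University of Regina or Google; the function name, indicator names, the brand list and the use of uregina.ca as the organization's mail domain (taken from the contact address on this page) are assumptions for illustration.

```python
import re

# Assumption: the organization's own mail domain(s), taken from the contact
# address on this page.
ORG_DOMAINS = {"uregina.ca"}
# Assumption: other file-sharing brands that have no reason to appear inside a
# genuine Google Docs share notice (the example message mentions "one drive").
FOREIGN_BRANDS = re.compile(r"\b(one\s*drive|dropbox|sharepoint)\b", re.I)
SHARER = re.compile(r"^(\S+@(\S+?)) (?:shared a document|has invited you)", re.M)
EXTERNAL_BANNER = re.compile(r"^\S+@\S+ is outside your organization\.", re.M)


def triage_share_notice(body: str) -> dict:
    """Return the sharer address and the list of indicators that fired."""
    indicators = []
    m = SHARER.search(body)
    sharer, domain = (m.group(1).lower(), m.group(2).lower()) if m else (None, None)
    if sharer is None:
        indicators.append("no-sharer-address")
    elif not any(domain == d or domain.endswith("." + d) for d in ORG_DOMAINS):
        indicators.append("external-sharer")
    if EXTERNAL_BANNER.search(body):
        indicators.append("outside-organization-banner")
    if FOREIGN_BRANDS.search(body):
        indicators.append("mixed-sharing-brand")
    return {"sharer": sharer, "indicators": indicators}


# Constructed input: body lines copied from the example message in this advisory.
SAMPLE = """\
ledwards@starkvillesd.com shared a document
ledwards@starkvillesd.com has invited you to view the following document:
FWD:User Name shared a file request using one drive.
FACULTY EVALUATION.docx
ledwards@starkvillesd.com is outside your organization.
"""

# Constructed input: a share notice from an internal (hypothetical) colleague.
INTERNAL = """\
jane.doe@uregina.ca shared a document
jane.doe@uregina.ca has invited you to view the following document:
Meeting notes
"""

if __name__ == "__main__":
    for name, body in (("sample", SAMPLE), ("internal", INTERNAL)):
        print(name, triage_share_notice(body))
```

An external sharer alone is not proof of phishing; the indicators are meant to prioritize messages for the verification steps under Resolution.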

Impact

This style of phishing attack can be difficult to identify for users who often use Google Docs to share files and might be expecting similar emails.

The documents themselves aren't typically malicious, but if the user doesn't recognize the document as suspicious, the linked pages can steal credentials or link to other types of malicious pages.

Resolution

If the document is sent from an unknown address, you weren't expecting a document to be shared, or the email seems suspicious, simply ignore the request and delete the email.

If you are uncertain about the legitimacy of an email message, forward the email message as an attachment to the IT Support Centre for verification.

In addition, you can report any Google Docs document yourself by clicking the Google Docs "Help" menu and selecting "Report abuse/copyright".

Resources

These types of phishing attempts succeed because they rely almost entirely on deceiving users. It is recommended that you learn their tactics by taking information security awareness training so you can spot these attempts with ease.

You can also review our Phishing Information page to learn about the common indicators of a phishing message.

Questions or concerns? Contact IT Support for assistance:

    Email: IT.Support@uregina.ca
    Phone: 306-585-4685
    Toll-free in Canada: 1-844-585-4685
    In person at ED 137 or Archer Library