Phishing is the most common type of email attack we see in the district and such attacks are designed to steal personal information, usually by tricking us into entering our login information on websites posing to be a website we often legitimately use (Google Drive/Docs, Dropbox, etc).
Below are some tips to reference when assessing the legitimacy of a received message (with a focus towards schemes targeting Google Docs users)
- Do I recognize the sender? Would they have a reason to be sharing something with me? If it seems totally out of the blue to you, it's definitely possible the sender's account was compromised. When in doubt, contact the sender directly to confirm if they meant to share something with you.
- Does the shared doc have a generic/vague name? When we share info with colleagues, the title tends to reflect an actual project we're working on. Generic titles like "Secure Message", "Confidential Information", and "e-Document" are all red flags.
An example of a "bad" share message; beware of typos and vague document names as well as messages received directly from users claiming to share a doc
An example of a "good" share; a more descriptive title as well as the sender address being linked to google.com
- If the message looks good at first glance and you click on the link, legitimate Google Drive content should open automatically (since you're already logged in to district Gmail)
- If after you open the message you see a login prompt, be sure to confirm the website address/URL is linked to Google (or the service you're supposedly being linked to), don't always trust how things look:
The site above may look good at first glance, but...
...a peek at the URL shows that it's not Google at all; any login info entered here is compromised
Always be sure the URL contains the site you're supposedly being linked to (in this case accounts.google.com lets us know we're being linked to a Google service)
Nobody's perfect, so if you happen to open a phishing email then attempt to log in to the linked site please submit a help desk ticket asking that your email password be reset. Currently password resets have to go through the district tech team, though we're hoping to provide staff the ability to reset their own Gmail passwords in the future.