A phishing attempt was sent to a number of users on campus. The subject line of the email contained the phrase “Documents” or “View this Document.” The email tells users that a Google Document was sent to them and to click the link to view the document. The link will take you to a webpage that looks like a Google Drive sign-in page.
Do not click on the links in these emails. If you have already done so, immediately change your password using Password Manager at https://password.smcm.edu.
This scam is an especially convincing and detailed phishing attempt. The following tips will help you decide if the email you received is legitimate:
- Hover over the link to verify the URL is actually a Google Doc page. A Google Doc link usually begins with https://docs.google.com/. Any other URL is a sign that it is a phishing attempt.
- Poor grammar, generic language, and emails sent to hidden addresses are all indicators of a possible phishing attempt.
- If you are already logged into Google, you should not be asked to log into Google again to view a Google Doc you were sent. Being taken to a log on page when you are already signed in is a sign of a phishing attempt.
- Google has removed all the fraudulent sign in pages that were reported; however, more pages can be created by hackers. Always use caution when clicking on links in emails.
- If you received an email like the one described above (particularly if you were not expecting a document to be shared with you), it is good practice to check with the sender by phone or separate email message to see if they did share a specific document with you.
Please report this email as a phishing attempt to Google. More information about phishing as well as instructions to report phishing can be found on Google’s About Phishing support page.
If you have any questions or concerns, please contact the IT Support Center at x4357 or open a ticket at http://itsupport.smcm.edu.