Phishing email - PDF document shared with you

This SPAM tactic is one where someone sends you a Google Doc or PDF. I'll break it down so you can see what these emails look like and what to look for. After that, they'll be very easy to spot in the future, as we'll get many more emails similar to this!

Typically the subject line is something that'll catch your attention. In this case it's a document shared through Google Drive.

Subject: Item shared with you: "PAYROLL 2023 UPDATE.pdf"

Sounds important? That's how they hook you. It's always something important/urgent sounding.

Let's look at who it's from:

Well, the name is familiar (and it typically will be, otherwise this spam wouldn't be so effective). Next to the name it shows the email of the sender. That doesn't look right, does it? Our emails always end in @fgsd.k12.or.us. This is the first clue it's SPAM. Underneath the file link, it also shows that the user is outside our organization.

Now, if you overlook that information, and click on the link, this is what you'll see:

I've marked it up with some important points. It looks fancy, and that's a nice-looking banner image, but really, someone could put anything in there (it's a Google Form, after all). What stands out is that the form is asking for your login credentials: your email address and then your password. Notice they spell "password" incorrectly. This is to hide the form from Google's anti-spam technology, which looks for fields labeled 'Password'. That it's asking for a password is your second clue it's SPAM (technically, phishing).

Under the submit button, Google mentions that you should "never submit passwords through Google forms" (or any forms for that matter). This is the main thing that you should take from this email.

You obviously do not want to put in your credentials here. If you do (and click on submit) then please contact us right away and we'd be happy to help you change your password.

What you could/should do at this screen: near the bottom of the form, there's a "Report Abuse" link. Click on that link, select the SPAM/Phishing option, and click on Submit Abuse Report (it should look like this):

That will train Google that this page is bad, and block others from seeing it eventually.
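For anyone who filters or triages mail, here are the two clues described above expressed as checks. This is an added example, not part of the original article: the function names, the look-alike character table, the 0.8 similarity threshold and the sample sender and labels are all assumptions constructed for illustration.

```python
import difflib
import re
from email.utils import parseaddr

ORG_DOMAIN = "fgsd.k12.or.us"  # the organization's mail domain, as given in the article

# Character swaps often used to disguise a word (constructed table, an assumption).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def is_external_sender(from_header: str) -> bool:
    """Clue 1: the address in the From header is not on the organization's domain."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return domain != ORG_DOMAIN


def looks_like_password_label(label: str, threshold: float = 0.8) -> bool:
    """Clue 2: a form field label is 'password' or a near-miss spelling of it."""
    normalized = label.lower().translate(LOOKALIKES)
    words = re.findall(r"[a-z]+", normalized)
    candidates = words + ["".join(words)]  # the joined form also catches "pass word"
    return any(
        difflib.SequenceMatcher(None, word, "password").ratio() >= threshold
        for word in candidates
    )


def triage(from_header: str, form_labels: list[str]) -> list[str]:
    """Return the reasons a shared-document email and its linked form look like phishing."""
    reasons = []
    if is_external_sender(from_header):
        reasons.append("sender is outside the organization")
    hits = [label for label in form_labels if looks_like_password_label(label)]
    if hits:
        reasons.append("form asks for a password: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed sample: a familiar display name on an outside address,
    # and a form with a misspelled password field.
    sender = '"Jane Doe" <jane.doe@example.com>'
    labels = ["Email address", "Pasword"]
    for reason in triage(sender, labels):
        print("-", reason)
```

An exact-match filter on the word "Password" misses the misspelled label, which is why the check compares similarity instead.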

If you have any questions or concerns, please let us know. We're available at ext 4529 or
Creation date: 3/13/2023 9:01 AM