The shared document phishes can get tricky to spot as the sender email address is a standard Microsoft sharepoint address. Hence, it becomes difficult to find out whether the document shared is phish or not. In such cases, first and the foremost thing is to think if you were expecting such document to be shared, do you know the sender (identified by sender name) if yes then confirm with the sender by other means of communication. If a UVic user will send a shared document from their online sharepoint, then the link will be hosted on ‘https://uvic-my.sharepoint.com/’ which is not the case for the link in this phish email. Always check the link by hovering over the link, never by clicking the link.
