Document shared with you: “FALL FACULTY AGENDA 29 SEPTEMBER 2023.docx” or “Fall 2023 Key Dates, Fees & Registration Updates.docx”

Even if a document sharing email came from a legitimate service like Google Docs or Microsoft 365, you should still look at it carefully to make sure it’s legitimate. In this case, the phisher abused a compromised account from another  university’s Google tenant to send a Google Docs phish. The phisher even used a UVic professor’s name to make the email look more legitimate.

Phishes like these can be trickier to spot, but as a start, be wary of document sharing emails that you weren’t expecting, especially if they don’t come from someone you know. If you spot a mismatch between who sent the file and who the email says the file is supposed to be from, that can often be a sign that it’s not legitimate. Similarly, if the file is supposed to be from within UVic but it was sent by someone outside of UVic, the email is very likely to be a phish.

Google Docs phish that came from outside UVic but claims to be a file from a UVic professor

From: K***** (via Google Docs) <drive-shares-dm-noreply@google.com>
Subject: Document shared with you: “FALL FACULTY AGENDA 29 SEPTEMBER 2023.docx”

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

K***** shared a document

Unknown profile photo

K***** has invited you to edit the following document:

Dr. L****** shared a file with you.

FALL FACULTY AGENDA 29 SEPTEMBER 2023.docx

Open [link]

If you don’t want to receive files from this person, block the sender from Drive.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because [redacted] shared a document with you from Google Docs. [Google logo]