“Old Friend” Google Form Scam

Last month, Skidmore College reported seeing some identity theft scams using Google Docs forms. This week, we’ve just started seeing Google forms used as the “pharming” site behind phishing scams at UD.

Several people reported receiving email that looked like this message:

From: “info centre”
Subject: info centre..
Date: May 9, 2012 5:15:44 AM EDT

Hi,

You have received a private message from your old friend who wished to get back in-touch with you. Please use the UDEL Private link below to login and view your message and possibly get in contact with your old friend.

https://docs.google.com/spreadsheet/viewform?formkey=dGMyGoogleKeyDeletedSoNoOneClicksOnItQ

Sign,
Mrs. Mary. George
413 Academy Street
University of Delaware
Newark, DE 19716
© 2012 University of Delaware

  • Don’t click the link. Just delete this message.
  • Last time we checked, UD was in a part of the English-speaking world that spells center with an “er” at the end, not an “re.”
  • If an alumni office is brokering a possible reconnection between two long lost alum, they usually include the name of the person trying to reach you.
  • Doing a quick UD People Search, we didn’t find any “Mary George.”
  • If someone at UD sends you a Google form to complete, it will have a URL that would start with a string like this one:
    https://spreadsheets.google.com/a/udel.edu/spreadsheet/

    If you’re curious, the pharming phorm looks something like this:
    Old Friend Pharming Phorm

There are plenty of other signs that this is not legitimate email.

Just delete it.

Richard Gordon

One Comment

  1. I lifted the following from the udel/phishing site …

    • If someone at UD sends you a Google form to complete, it will have a URL that would start with a string like this one:
    https://spreadsheets.google.com/a/udel.edu/spreadsheet/
    I am not questioning the intelligence of our general population but I do question their ability to actually read and determine if a link is legitimate. I see it as this …..
    Oh look someone is looking for me…cool
    Oh look it’s google docs, we use that at UD … click,
    Ok, udid, password no problem ……..

    Just think what could have happened if this phisher took 5 extra minutes and actually used a UD logo or made the sign in page look more like the central authentication page.

Comments are closed.