We’ve seen a new spear phishing attack on UD email accounts this weekend that tries to use a Google Form to harvest the account information from unsuspecting UD students, faculty, and staff. The email looks like this:
From: UD Support Team <msilcox@ashland.edu>
Date: Fri, Jul 10, 2015 at 6:24 PM
Subject: Validate!
To:Hello UD™ User, We’re experiencing technical issues with your mailbox,
kindly visit our Validation Form! Click Here to validate
If you missed the fact that the email address from which this message was sent is not a udel.edu address and clicked the “Click Here” link, you would see a Google Form that includes official UD colors and logos scraped from UD websites.
As if the non-fluent English (yellow highlighting) isn’t enough, look at the two warnings (red arrows) on the Google Form itself. It’s a scam! (Click image to see full-sized screenshot.)
There are plenty of signs that this form was built by someone not fluent in English–for example, referring to the “Administrator network” [sic]. We have highlighted several of those in yellow on the accompanying screenshot. And Google itself warns you not to submit passwords using a Google Form. But because the colors and graphics look right, some people may complete the form and surrender their UDelNet account information to the scammer.
Bottom line? If you’re in a hurry, you could fall for this one. But if you take a moment and notice the sender’s email address, the exclamation points in allegedly official email, and the request to “Click Here,” you should be suspicious. And if you went to the Google Form, just taking a minute to examine it should identify it as fraudulent. So….
Note: All Google Forms contain a Report Abuse link for situations like this one. If you ever see a Google Form asking for passwords or other personal information, use the link to report the form. Google does take down forms that are found to be used for abusive purposes.