Phishing Email Scam: Shared File

Phishing Email Breakdown 

This phishing attempt pretends to be a legitimate notification about a shared file. It prompts the recipient to click a “Preview Documents” link to view the file. After clicking the link, the user is redirected to a fake Microsoft login page designed to steal their login credentials. 

Visual Example of the Phishing Email 

Full Text from the Phishing Attempt 

{name} has shared a protected Documents with you! 

Preview Documents 

Cheers, 

Thank you again, 

How to Protect Yourself? 

1. Verify the Sender: Always verify the identity of individuals claiming to be someone important, especially if the message seems out of the ordinary and asks for personal information. 
2. Avoid Clicking on Suspicious Links: Hover over or copy the link to view the complete domain name. Scammers often create URLs that resemble authentic ones by inserting subtle misspellings or extra characters. If the link looks suspicious, it’s safer to visit the official website directly or use a reputable search engine to find the correct webpage. 
3. Review Grammar and Punctuation Carefully: If a message is filled with spelling mistakes, inconsistent sentence structure, or odd phrasing, it may indicate a phishing attempt. 

Important Notes: 

1. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation. 
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program to protect against cyber threats and secure your digital world.