Phishing attacks take new form

Since Nov. 1, hackers have sent approximately 5,000 emails containing links to fake Google Drive or Docs login websites to many @ncsu.edu email accounts in an effort to steal users’ account passwords. Twenty NCSU Unity accounts have been compromised so far by these new phishing attacks.

The phishing email has a subject like “Important Document” and includes the standard Google doc sharing message like, “I’ve shared an item  with you,” with an enclosed link that directs users to a fake Google login Web page.  The phishing attack often starts with one user account being compromised and then the attacker sends phishing emails to the contacts of the compromised user.

These “look alike” Google Drive or Google Docs login websites feature Google’s logos and colors. But if you look closer, the URL is not google.com. By hovering your mouse over the link, it is possible to see where the URL really goes. If a link doesn’t start withhttps://drive.google.com or https://docs.google.com, it is a fake. Often the links to phishing sites are not secure and start with http://and not https:// (i.e. secure site).

To help you recognize these types of phishing attacks, Security and Compliance have provided examples of some phishing sites at Google Docs Phishing Gallery. In each image, the URL is clearly not from Google.  

If you receive a phishing email, please forward it to abuse@ncsu.edu or call the NC State Help Desk at 515-HELP (4357). The Help Desk staff will never ask for your password via email or over the phone.