Phishing Alert: Item shared with you: "filename varies.pdf"

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.

Date Sent: 
Tuesday, December 6, 2022

A compromised or burner GoogleSuite account is used to upload a phishing document to Google Drive. Google Drive is then used to share the document with targeted recipients. The email notification comes from Google's Drive robot email address, which leverages Gmail's sender reputation and is indistinguishable from other legitimate Google Drive notifications.

What to watch for:

  • The document is shared by an external, non-umich user, yet purportedly on behalf of U-M President Santa J. Ono or other well-known U-M identity.
  • The email is sent and cc'd to multiple recipients.
  • The shared document has a distinctive file name (reflected in subject lines). For example, "NOV_DECResources.pdf" or "NOV_DEC Faculty and Staff Performnce Review.pdf."
  • The text in the message body/sharing comment fraudulently references a U-M identity. For example, "Santa J. Ono has share a file with you that required urgent review."
Phishing Email or Site Screenshot: 
Screenshot of fraudulent email boy that shows it is from an external, non-umich user.