Fake Debt Collection Google Doc Share

Unknown parties are sending fake Google Doc Shares with an urgent subject line. They usually refer to lawsuits or debt collection.

The bad actor is using the same Google Doc service, so the 'from' email will be the service email (via Google Drive)" <drive-shares-noreply@google.com>. The name of the sender

"Lаthаm & Wаtkins Dеbt ...

"MоrgɑnLеwis© - Suppоrt...

is made to sound official but is fake. 

What makes this a phishing message?

If a sender you have never worked with is sending you very urgent sounding Google doc shares, it is very suspicious.

The phone messages are using scare tactics and urgent sounding language to encourage recipients to click the GDoc link.

This targeted phishing scam uses urgency and fear to cause the recipients to act, threatening loss of service (email).

The most recent frauds have had subject lines like:

• Item shared with you: "Dеbt Раymеnt Rеquirеd Immеdiаtеly - Nоtiсе-ID_"

  Item shared with you: "Pending Legal Action Due to Unresolved Debt"

  Item shared with you: "Last Opportunity to Settle Before Legal Action"

  Item shared with you: "Final Demand Before Legal Proceedings"

  Item shared with you: "Formal Warning: Lawsuit Preparation Underway"

  Item shared with you: "ОnIinе АIеrt - Rеviеw СоIIесtion Lеttеr Nоw"

Tips if Something Seems Off:

• Look at the email before replying. Is it unexpected? Does the request make sense? When in doubt, reach out to the sender, separately, by phone or directly emailing them (not replying to the email).

• The emails that create urgency and fear are usually fake. Scammers may insist that immediate action is necessary and pretend to be a friend, colleague, or another trusted entity

Follow up with the sender separately

If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.

Report and/or flag it 

Open the message

To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)

Then 'Report phishing'

For suspicious messages received by text, please take a screen shot and forward the message to phishing@berkeley.eduFor more information visit https://security.berkeley.edu/resources/phishing

Original Message: