Why is this a Phishing message?
What appears to be a global wide-spread Internet worm hit the campus in the form of a phishing email message. The message slipped through normal spam filters as the worm virus spread to email accounts in the "berkeley.edu" domain, so that receipt of the message to campus mailboxes was also widespread.
The message was a forgery of the common message notification received when a Google Doc is shared, but there are a couple of obvious indicators that this message is a fake:
- The recipient address in the message is very suspicious: firstname.lastname@example.org
- The actual recipient's address is included in the "Bcc" line - why would a notification about a shared Google Doc be blind-carbon-copied to someone?
The following announcement was posted to campus concerning this incident: Global Google Phishing Alert
Please contact Campus Shared Services IT by calling 510-664-9000 or email@example.com if you have questions about this incident.
XXX has invited you to view the following document: