With the Phish Bowl up and running I don’t do many posts about phishing emails any more. However one showed up on campus this week that provides such a great teaching opportunity, that I had to write about it.
Here is the offender:
To make things even more confusing, the email links to a legitimate Google Form. Clicking on the Fill Out Form button, does indeed take you to a Google form. Nothing malicious is loaded onto your machine and the form looks like a completely legitimate evaluation form, with one exception. It asks for your Microsoft ID and password.
Any time any form asks you for a password, no matter how legitimate it looks, exit the form immediately. If you do enter your credentials and then realize that you shouldn’t , change them immediately.