Cybersecurity Blog

Sneaky fake evaluation form found in MRU inboxes – 06/05/20

With the Phish Bowl up and running I don’t do many posts about phishing emails any more.  However one showed up on campus this week that provides such a great teaching opportunity, that I had to write about it.

Here is the offender:

 

 

To make things even more confusing, the email links to a legitimate Google Form. Clicking on the Fill Out Form button, does indeed take you to a Google form.  Nothing malicious is loaded onto your machine and the form looks like a completely legitimate evaluation form, with one exception.  It asks for your Microsoft ID and password.

Any time any form asks you for a password, no matter how legitimate it looks, exit the form immediately. If you do enter your credentials and then realize that you shouldn’t , change them immediately.

 

Leave a Reply

Your email address will not be published. Required fields are marked *