On Wednesday,  iPad Headquaters issued a warning email to all Johnston students regarding a recent phishing scam. Phishing is the technique of making a fake service  appear to be the real service (email, Facebook, Twitter, PayPal, financial institutions) in hopes to gain personal or sensitive information. This particular scam attempts to mimic a google docs invitation, using real people that you know and with a link to click to view the document. When that link is clicked you are taken to what appears to be a google sign in page, it looks very authentic because the log in is under a Google.com URL. However this not a real domain, rather it is a way for the attacker to steal your email and password.

While this particular attack has been handled, there are some key differences to look for to see if something is phishing, as emails like this are bound to happen again.

I recieved one of these phishing emails and looked through it very closely. At first glance it looks very close to the real thing, but it is far from that.

Note that edits where made in all pictures in the interest of privacy.

The top email is fake, and not sent by Evan Newcomb. His email was not hacked either. The bottom invite is a real invitation. While it is a spreadsheet invitation, all google drive invites share the same format.  The most distictive diffrence is who the email are sent from. The fake email has newcomb.evan listed as the sender, however an actual invitation will have the name spelled normally and “via google docs” in parenthesis. In addition the subject is always “<document name> – Invitation to <edit/comment/view>.”

WhenI opened the fake email I see this:

The most obvious giveaway is the [email protected] in the “to” line. Mailinator is disposable email service and is not owned by Google. Any form of third party email address should almost never appear in an authentic email. Secondly google invites are sent directly to you, meaning you are not in the “bcc” line.

Here is a real invite for reference:

It should be noted that the document name is next to the document icon, but has been blocked out for privacy reasons.

The difference becomes much more obvious. An actual invite email is generated and administered automatically by Google, so it can not be responded to. For this reason a “reply-to” line is included in the details. I am also in the “to” line. Another thing to notice is that the authentic email is signed and delivered by a Google service. Lastly the body of the two emails are very different. The authentic invite looks more complete and professional.

While there are many red flags, the largest red flag is to field in fake email address. Anything remotely close to that address is almost guaranteed to be phishing.

Students that have believe to have phishing emails sent to them are asked to delete them immediately.