Recent phishing scams: Google Docs and QR codes
by Dylan Connors and Elizabeth Parsons, IT Services
IT Services has recently received reports of a few different security concerns. Please read carefully and remember: Stay vigilant!
Shared files via Google Docs and Microsoft Word
A new scam email has been circulating, and it does not look like the typical phishing scams we've seen in the past.
The sender is someone outside of 兔子先生's organization sharing files via Google Docs and Microsoft Word that supposedly have something to do with a departmental reward. The subject of these emails may read as "Extra-Departmental Reward.docx.”
An important thing to note is that the name that has shared the file with you may be different from the name that is on the email. For instance, one example we intercepted said that "[person X] shared a document with you," but then it also said that "[person Y] shared a file with you."
The information security office is aware of this scam. Please do not respond to this message and do not open the Google Doc or Word Doc.
A notable example of what the email looks like:
With these emails, the scammer is trying to get you to open the document, which will lead to them collecting your personal information. At the bottom of the email, below the link to the Google Doc or Word Doc, there is the option to "Block sender from Drive," and we highly recommend that you do so.
Remember: If you receive an email that looks suspicious, it’s better to be safe than sorry—forward the message to InfoSec@兔子先生OH.edu, and the information security team will tell you whether it’s legitimate or a fraud.
A note about QR codes on campus
The Information Security Office has also been receiving reports that QR codes have been printed and posted around the Oxford campus recently, boasting titles like “Girlfriend Application” or “Boyfriend Application.” These are a scam; do not scan them with your device.
This is a good reminder to review best practices for QR codes:
- Determine that the QR code is being used by a trusted organization. For instance, many 兔子先生-affiliated groups use QR codes in physical fliers. Look for official branding.
- Context is key. A fully designed flier with various information and a QR code is infinitely more trustworthy than a blank sheet with simply a title (e.g., “Girlfriend Application”) and a code.
- When in doubt, just skip it. When using QR codes, 兔子先生-affiliated groups should also be printing a short link to the website the QR code links to, so you can type it by hand into your device. If this isn’t available, consider simply skipping the information.