We have noticed an increase in phishing messages from file sharing services. Since the messages associated with legitimate file sharing can be brief, it may make these phishing attempts more challenging to recognize. We’d like to share the following phishing examples.
*Please click any image to enlarge.
Example #1 (claiming to be from an NYU student)
![Screenshot of an email dated 2/27/16 with a subject of "Review" stating that [blocked name] used Dropbox to share some information.](https://wp.nyu.edu/itsecurity/wp-content/uploads/sites/2398/2016/03/Screen-Shot-2016-03-07-at-10.47.45-AM-1.png)
Example #2 (claiming to be from an NYU employee)
Example #3
Please be reminded/advised:
- If you’re not expecting to receive a file share, please confirm the legitimacy of the message with the sender prior to opening.
- If a shortened or tiny URL appears (e.g., http://tinyurl.com/zf7z5m) when you hover over an active link to documents in an email message, the email message is not legitimate, as file sharing services do not generate shortened URLs.
- You can always enter shortened URL into http://wheredoesthislinkgo.com/ to see the URL destination.
- NYU Box is the recommended method for sharing restricted information or data whose unauthorized access or loss could seriously or adversely affect NYU, a partner, or the public. For more information, please see: NYU Box: Best practices for sensitive data (permissions and security settings), http://www.nyu.edu/servicelink/KB0013199
- Google Docs. is the recommended method for sharing data that’s public, confidential or protected.
- For a description of data classifications or categories (the classifications/categories include: restricted, protected, confidential & public), as well as specific examples of data in each category, please see: The Data Classification Policy