Recent Phishing Emails Claiming to be from File Sharing Services

We have noticed an increase in phishing messages from file sharing services.   Since the messages associated with legitimate file sharing can be brief, it may make these phishing attempts more challenging to recognize.  We’d like to share the following phishing examples.

*Please click any image to enlarge.

Example #1  (claiming to be from an NYU student)

Screenshot of an email dated 2/27/16 with a subject of "Review" stating that [blocked name] used Dropbox to share some information.

Example #2 (claiming to be from an NYU employee)

Screendhot of an email dated 2/16/16 with a subject of "Important Notice" with the following text "Hi Valid User, We are receiving messages about being hacked, protect yourself by viewing this Document."

Example #3

Screenshot of an email message dated 2/12/16 with a subject of "Vital Document" with text stating "I just attached a file for you on Google Drive. It's very important". Email attaches a PDF document entitled "DocumentScan".

Please be reminded/advised:

  • If you’re not expecting to receive a file share, please confirm the legitimacy of the message with the sender prior to opening.
  • If a shortened or tiny URL appears (e.g., when you hover over an active link to documents in an email message, the email message is not legitimate, as file sharing services do not generate shortened URLs.
  • NYU Box is the recommended method for sharing restricted information or data whose unauthorized access or loss could seriously or adversely affect NYU, a partner, or the public.  For more information, please see:  NYU Box:  Best practices for sensitive data (permissions and security settings),
  • Google Docs. is the recommended method for sharing data that’s public, confidential or protected.
    • For a description of data classifications or categories (the classifications/categories include: restricted, protected, confidential & public), as well as specific examples of data in each category, please see:  The Data Classification Policy