Shared Document Emails Can Be Traps

Don't open or log in to suspicious shared documents.

Shared documents aren't always what they seem. Before entering your password to open a shared document, do a quick check to be sure it is safe. Many emails directing you to shared documents are phishing emails that try to steal your password and compromise your computing account.

What to Check

  • Does the URL look right? Hover over the link to the shared document with your mouse to see the URL (in Google Mail, it will be shown in the lower left corner of the window).
  • Does the login screen look right? Don't enter your UMICH password unless you are sure it is safe. Always Look Before You Log In.
  • Are you expecting the document? Be suspicious of unexpected emails sharing documents you aren't expecting. If you aren't sure, contact the sender (preferably via text message, phone, or an alternative email address) and ask if they shared a document with you.
  • Do you know the person sharing it? Consider the message suspicious if you don't know the person the message is from. Be aware, though, that phishers often use compromised accounts to send their messages, and they can also forge the sending address. If you feel at all unsure, call the person and ask if they shared a document with you.
  • Can you tell what the document is? Is it clear to you from the document title and message what the document is and why it is being shared with you? Phishers often send vague messages that just say a document has been shared with you. They rely on your curiosity. Don't open suspicious shared documents just to see what they are.
  • Beware of flattery. Faculty at U-M have, for example, received customized emails complimenting their research and asking them to look at a shared document related to it. If it looks suspicious, don't log in.

For examples of phishing email, including shared-document phishes, see Phishing Alerts

 

Think You May Have Been Caught?

  • Did you log in and get nowhere? Did you open a shared document link, enter your password, and end up on a login page with nothing filled in? If so, your password was likely stolen.
  • Did you log in and reach a page that made no sense? Did you open a shared document link, enter your password, and get directed to a web page that had nothing to do with your work or the work of the person the document sharing email appeared to be from? If so, your password was likely stolen.

If you gave personal information, such as your password, in response to a phishing email or on a suspicious webpage, your account may be compromised.