Phishing emails that share a link from Google Drive sharing an Evaluation document with you, usually it was targeting entire departments & either had the Dean or the University President’s name included to lend legitimacy – however, this email came from outside of Baylor (likely a compromised Google account). Click the link gave you a log in screen that looked like a legit Baylor site. Entering your credentials would allow the phishers attempts to access your Baylor email & would result in Duo pushes or phone calls arriving on your enrolled device. Please do NOT approve any Duo authentication that you did not initiate – always report them as fraud (if you are using Push, press Deny & it should give you the ‘Submit as Fraudulent’ option) or call the Help Desk & report that you are getting Duo authentication requests that you did not initiate. Below is a screen shot of the phishing email – you can see the subject line with the document name & its odd extension (.doc or .docx are the usually extensions for Word documents) & the fact that it came from Allison B, but mentions Linda Livingstone (it even warns you it is from outside of Baylor).
Best practices when you receive any email, whether you know it is legit or not are:
- Never click links in email or text messages.
- Never provide personal information, including passwords.
- Never authorize a Duo two-factor authentication request that you did not initiate.
- Forward suspicious emails to Abuse@Baylor.edu for analysis.