In a file-sharing phishing attack, the attacker uses popular Cloud file-sharing services like Google Drive, Dropbox, and others to distribute malicious files to their targets. They use fake sender name description to create the perception that the message is coming from someone you know. As the message originates from well-known Cloud services, it can often bypass traditional email protection mechanisms, making the attack more likely to succeed.
Here are some critical points to remember when receiving a file-sharing email message:
Unexpected File Sharing: Be cautious if you receive an email message sharing a file that you were not expecting. Ask yourself if it is normal for this person to share files in this manner. Take a moment to check with the sender before opening it.
Verify the Sender: It is important to verify the sender who shares the file, especially when the sender’s domain is different from polyu.edu.hk or connect.polyu.hk. Double-check the sender’s address or message content for any error or inconsistencies. Always confirm with the sender through a different communication channel, like a phone call or separate email.
Scan the File: Before opening any shared file, always scan it with up-to-date antivirus software. This can help detect and prevent malware from infecting your device.
Report Suspicious Emails: If you receive a suspicious email, do not click any links or download any files. Report it immediately to the IT HelpCentre.
If you need further information or assistance, please contact the IT HelpCentre (Tel: 2766 5900, WhatsApp / WeChat: 6577 9669) or reach out to us via the IT Online ServiceDesk.