On Monday, September 13, 2021, Google will apply a security update to select Google Drive files. This affects files that were uploaded prior to 2017 that are shared with a Google Drive shared link. Google Docs, Sheets, Slides, and Forms aren’t impacted by this security update.
Who is impacted?
Owners and managers of affected files will be notified starting Monday, July 26.
As mentioned in the Technology Global Phishing Alert announcement, UC Berkeley IT teams were able to identify the bMail accounts that were affected by the Google Docs phishing campaign, and revoked access to the malicious app on Wednesday, May 3rd.
The bConnected team is investigating reports about suspicious messages appearing as shared Google Docs. These look like they are coming from internal bConnected users, but are asking for OAuth credentials. Please forward any suspicious looking messages to consult@berkeley.edu.
A targeted phishing campaign was sent this morning to certain bConnected account holders, purporting to be from Chancellor Dirks. If you received the message, do not open the attachment or enter your credentials if prompted. Review Security Basics 101 to learn more about how to protect yourself from phishing attacks.
Campus bMail users, including alumni addresses, are continuing to receive Ransomware messages in their spam folders, which contain virus-laden attachments. If you received a “spoofed” message in your spam folder that appears to be sent from an @berkeley.edu address (even from your own address), but that you do not recognize, do not click on the attachment. Messages appear to contain scanned images, or pictures but are actually viruses.
We have received reports from multiple bMail users who received messages earlier this morning from Mail Delivery Subsystem which stated messages sent from them had been rejected for potential security issues.
If you received such a message, simply delete it. Your account has not been hacked. The original message was forged, and did not come from your account. Since the original contained a virus, Google is rejecting it and sending the mailer-daemon to you.