[nsp-sec] Google to the WCP please

[Daniel Schwalbe]

Fresh Phish - some joker trying to harvest our login credentials:

https://docs.google.com/forms/d/1LlGrxDuD4g3eFWx9eTNi0Uru-vCFirbHC4Q3cTCv8CU/viewform?pli=1

Already reported as abuse via the link at the bottom of the page. UW is a Google Apps for Education customer, so we can't easily blacklist the URL, plus tons of people read emails and click links from mobile carriers anyway.

If this could be yanked expeditiously, I would greatly appreciated it. We just got done disabling about 1000 credentials from a separate phishing run over the weekend, I reeeeally would prefer not to have to do another one so soon.

The answer is probably "no", but if we could get the "NetIDs" of the poor saps that fell for this one so far out of the contents of this form, that would be awesome. 

Oh, and for what it's worth, it looks like they are also tracking deliverability via embedded image link:

https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQD_dBqISpBsFBFeA2TmAG8n8w186siUzbNi4DG2kXzd-lErYENkA


Many thanks in advance,

	-Daniel

--
Daniel Schwalbe, CISSP, CISM, CIPP, CSFA Assistant Director - Office of the CISO University of Washington Phone +1(206) 685-8210 | Email dfs at uw.edu