Guru's Verification engine ensures consistency, confidence, and trust in the knowledge your organization shares. Learn more.

07/31/25 - CyberSafe Monthly - Beware of AI-Enhanced Scams and Document Sharing Schemes

SUBJECT: CyberSafe Monthly - Beware of AI-Enhanced Scams and Document Sharing Schemes
DATE: July 31, 2025
SENDER: Information Security & Privacy Office

CyberSafe Monthly header with Gnarls wearing a cybersecurity tshirt

As the digital world rapidly evolves, it’s more important than ever to stay updated on new threats. This month, we’re diving into two key topics that impact us all: the changing role of artificial intelligence (AI) in cybersecurity and the rise of sharing-based phishing scams.

Smarter Scams, Sneakier Tactics

Cybercriminals are leveraging AI to create more convincing and sophisticated attacks. Threat actors are using generative AI to craft personalized phishing emails that sound natural, professional, and generate malicious code at scale. These AI-powered attacks often evade traditional security filters, appearing more legitimate and lacking obvious red flags.

Illustration of a hard drive with 'AI' written on it with 4 shields with locks on them pointing to each side.

Take Action: Tread carefully when you receive unexpected emails that offer a job, free merchandise, or inexpensive service offerings, even if they sound professional and personalized. When in doubt, consider verifying the message through other means, such as Google search, before you click on any links or attachments.

Phishing Through Document Sharing Platforms‌

‌The Information Security & Privacy Office (ISPO) has seen a significant increase in phishing campaigns posing as document-sharing requests from other universities. These emails often claim someone is sharing a Google sheet, form, document, or PDF with you, often related to an application, payment, or invoice.

In this type of scam, cybercriminals craft messages that mimic legitimate notifications from platforms like Google Drive or Microsoft OneDrive, often impersonating faculty or staff to gain credibility. Their goal is to steal your login credentials or install malware when you click on the malicious link.

Screenshot of a Google drive document sharing notification scam.

Take Action: Before you click on any links, consider the following:

  • Unexpected Sharing: Did you request or expect this document? If not, don’t click and forward to ISPO for review.
  • Examine the sender’s email address: Does the domain (for example: @newschool.edu) match the claimed institution and is it a familiar institution and sender?
  • Generic Greetings: Legitimate collaborators typically address you by name and mention specific projects or contexts.‌

Remember: legitimate sharing notifications from Google, Microsoft, and other platforms will come directly from their official domains and typically include specific details about who shared what with you. If you’re unsure about a sharing request, contact the supposed sender through a different method (separate email, phone, or in-person) to verify its authenticity or contact the Information Security & Privacy Office to verify.

General Cybersecurity Reminder

When something seems suspicious, trust that instinct. It’s always better to verify than to become a victim of a cybercrime. If you receive a questionable email or encounter any security concerns, don’t hesitate to contact the Information Security & Privacy Office to report it to IT Central and we’ll make sure it is added to our collection in the Phish Bowl.

REPORT A PHISH

For additional information, visit our Data Privacy page or email the Information Security & Privacy Office at ispo@newschool.edu.

You must have Author or Collection Owner permission to create Guru Cards. Contact your team's Guru admins to use this template.