File Sharing Phishing: How you can Protect Yourself

July 6, 2017 by Justin King

Think before you share.

You may be suspicious of the emails you receive in your inbox daily. Sharing photos and videos of friends and family is fun though. So, what are some things you can do to protect yourself while sharing files? Before you easily agree to share files with a friend through a USB drive or online account, make sure your computer’s anti-virus software is up-to-date. If your friend’s file is infected with a virus, you don’t want to share that as well.

Recently, a widespread email scam was circulated to over a million email accounts spoofing the Google Docs brand. Users received an email, which looked like it was sent from one of their contacts. The message inside said the email recipient was added to Google Docs. When the link to the site was clicked, a Google login screen appeared. If the user entered their user name and password, a malicious program would start granting permission to access the user’s email and contacts.

This phishing attempt was quickly stopped by Google, who disabled the offending accounts and posted notices on their website and on social media platforms, including Twitter. On this site you may learn the latest techniques Google is using to catch hackers and stop phishing. Here is an example of the tips Google offers explaining how to check for a ‘DKIM’:

If you receive an email that looks like it may be phishing, check the dropdown arrow under the sender’s name to see additional details. You will see a section labeled “signed-by.” This field can help determine if an email was shared securely from a service.

The goal is to determine if the signed-by field was generated by a DomainKeys Identified Mail (DKIM) or a service. A DKIM attaches a domain identifier to the signature to display an email generated by a user in the domain. For example, if you received an email from, you would see a DKIM in the signature that looks like this: This is how all emails through a domain are processed.

Emails shared through a service (e.g., Drive, Calendar, Dropbox, Box, etc.) do not have a DKIM. Instead, you would see the signature of the provided service. If something is shared through Dropbox, for example, you would see: signed-by

Google isn’t the only file sharing service to be spoofed. Dropbox has also been a victim of these scams. If you are not familiar with their service, they offer cloud storage and file synchronization for your personal cloud accounts. If you install Dropbox on your computer, the application runs in the background keeping your files in synced and backed up online.

In one of these phishing schemes the spoofed message requested the user to open documents in Dropbox. The message appeared authentic but the sender’s email address was unfamiliar to the user and not someone they had shared files with in the past. The subject line in many of these cases was left blank or it was a nonsensical phrase. You may also want to review Dropbox’ page on protecting your account from phishing and malware at

Another thing to consider before you do agree to share files through the cloud, is the possibility that the files you do not intend to share could accidently land on your friend’s computer. You may have personal files that are private. There could be sensitive items that you meant to save temporarily on your hard drive, which were never deleted. Or you could share unknowingly share a software virus causing harm to their hard drive.

What if documents you received from a friend included copyrighted material and they are added to your file? Are you responsible for the copyright infringement? Well, yes, you are if you are the registered owner of the hardware where the material is located.

Many people utilize peer-to-peer networks at home and at work. Anyone on these networks may access files stored on other network computers. There could be legal implications for unauthorized files that are transferred from one user to another. Files that are copyrighted may include movies, books and music. If these are transferred to other user’s computers, it may be considered as piracy, which is the unauthorized use or reproduction of another’s work.

The penalty for violating the Copyright Act includes an award of damages, which is a predetermined amount of damages between $750 to $30,000 for each work infringed. This may be increased by the judge deciding the case up to $150,000 for willful infringement, or it could also be reduced to $200 for unknowing infringement. In companies where there are hundreds of workers sharing large numbers of files the dollar amount of fines could be severe.

Then what can you do at home and work to protect yourself?

  • Be careful of viewing or downloading any files; do not click on attached files or links to files stored in the cloud from people or companies you do not know.
  • When reviewing your emails keep in mind that it is not normal procedure to have a user provide login name and password for more than one email provider. The email is likely phishing for your information.
  • Be wary of opening messages with unusual subject lines or from contact you know but who address you formally, using your first and last name, or maybe something generic like, ‘Dearest Friend’.
  • Check your online banking and credit card accounts on a regular basis. The easiest time to do this is when your monthly statement comes out. Read through it and see if there are any charges you do not recognize, or amounts that are not correct. If you see something unusual, notify your financial institution right away.
  • Install antivirus software if you haven’t already. There are many options available in a range of prices, including free versions.
  • Keep your software, operating system, and browser up-to-date. New versions are distributed to help prevent the newest methods used by phishing emails and malicious viruses.

You are already taking steps to protect yourself by being aware of the various email scams and learning what to watch out for to prevent your personal information from being stolen. Remember to take extra time when reading your email and stop yourself from automatically clicking on the links. Many phishing emails look exactly as you would expect from popular retailers and nation-wide businesses. Be particular about opening email, especially those you did not request or from senders you do not recognize, and you will keep your personal information secure.

Posted: July 6, 2017
Justin King
View Profile