Scammers have discovered a new way to deceive users – they use legitimate Google Drive functionality in their operations.
According to The Wired, attackers abuse the functionality of Google Drive and use it to send supposedly legitimate emails and push notifications from Google, which, if opened, could redirect people to malicious websites.The emails and notifications generated by attackers come directly from Google. On mobile devices, the scam uses Google Drive collaboration to generate a push notification inviting people to collaborate on a document. If clicked, the notification will redirect the user to a document containing a very attractive link.
Unlike regular spam, which Gmail filters quite well, such messages not only end up in the victim’s inbox, but also receive an additional level of legitimacy from Google itself.
Users receive notifications in Google Drive and emails, written in Russian or poor English, asking them to collaborate on documents.
One of the fraudulent notifications received by WIRED is related to a Google Slides document created on a Gmail account with a Russian name. The document’s editing history showed that it was copied from another document and was constantly being edited, which indicates that fraudsters are duplicating decoy letters and are constantly trying to attract new victims.
The documents always contain a link to a fraudulent website, one of which, for example, bombards people with notifications and requests to click on links to draw prizes. Other versions of scam sites offer to check bank accounts or receive payments.
By the way, this is far from the first use of Google products for illegal purposes: we have already written that cybercriminals used Google Drive for targeted phishing.