Scammers use Google Drive functionality to spread malicious links

Scammers use Google Drive
Written by Emma Davis

Scammers have discovered a new way to deceive users – they use legitimate Google Drive functionality in their operations.

According to The Wired, attackers abuse the functionality of Google Drive and use it to send supposedly legitimate emails and push notifications from Google, which, if opened, could redirect people to malicious websites.

The emails and notifications generated by attackers come directly from Google. On mobile devices, the scam uses Google Drive collaboration to generate a push notification inviting people to collaborate on a document. If clicked, the notification will redirect the user to a document containing a very attractive link.

Unlike regular spam, which Gmail filters quite well, such messages not only end up in the victim’s inbox, but also receive an additional level of legitimacy from Google itself.

The success of email spam filters has left scammers looking for new ways to get people to click on malicious links. And Google Drive is pretty accommodating. By default, Drive wants you to know when someone has mentioned you on a document. In a work setting, this could be a colleague asking you to check over a slide in a presentation or a brief for a new project. For scammers, it’s a clever way of putting a malicious link right in front of a potential victim.write The Wired journalists.

Users receive notifications in Google Drive and emails, written in Russian or poor English, asking them to collaborate on documents.

One of the fraudulent notifications received by WIRED is related to a Google Slides document created on a Gmail account with a Russian name. The document’s editing history showed that it was copied from another document and was constantly being edited, which indicates that fraudsters are duplicating decoy letters and are constantly trying to attract new victims.

Threat actors are always attempting to find new delivery methods. On smartphone the phishing method could be particularly effective. Mobile targeted phishing is on the rise as there are less security controls.says Jake @JCyberSec on Twitter β€” an independent cybersecurity researcher.

The documents always contain a link to a fraudulent website, one of which, for example, bombards people with notifications and requests to click on links to draw prizes. Other versions of scam sites offer to check bank accounts or receive payments.

By the way, this is far from the first use of Google products for illegal purposes: we have already written that cybercriminals used Google Drive for targeted phishing.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply