SCAMMERS JUST FOUND a replacement phishing lure to play with: Google Drive. A flaw has been discovered in the Drive that is being exploited to send seemingly legitimate emails and push notifications from Google that, if opened, could redirect people on malicious websites. The scam itself is nothing new, messages asking you to click on dodgy links are as old as the internet itself but could catch tons of individuals off guard.
The smartest a part of the scam is that the emails and notifications it generates come directly from Google. On mobile, the scam uses the collaboration feature in Google Drive to get a push notification inviting people to collaborate on a document. If tapped, the notification takes you on to a document that contains a really large, tempting link. An email notification is also created by the scammers, to make it legitimate it also comes from Google, also contains a potentially malicious link. Unlike regular spam, which Gmail does a reasonably good job of filtering out, this message not only makes it into your inbox, it gets another layer of legitimacy by coming from Google itself.
The success of email spam filters has left scammers trying to find new ways to urge people to click on malicious links. And Google Drive is pretty accommodating. By default, Drive wants you to understand when someone has mentioned you on a document. During a work setting, this might be a colleague asking you to see over a slide during a presentation or a quick for a replacement project. For scammers, it’s an ingenious way of putting a malicious link right ahead of a possible victim.
People that suffered the scam received Google Drive notifications and email in Russian language or broken English asking them to assist on documents with fake names. These documents also contained a link to a malicious website. One among the websites used for the scam, which was only registered on October 26, bombards people with notifications and requests to click on links to deals and prize draws. Other versions of the scam attempt to lure people to click on links to see their checking account or to receive a payment.
It might not be usual but the scam is effective in getting malicious links into people’s inboxes and devices. Link delivery is usually a challenge for an independent cybersecurity researcher who has been tracking phishing campaigns for five years and who was also targeted by the Drive scam. Emails are closely monitored and scanned by systems meaning an enormous number of spam emails are detected before delivery but Google Drive offers no such protection. Threat actors are always attempting to seek out new delivery methods. And on mobile the phishing method might be particularly effective. “Mobile targeted phishing is on the increase as there are less security controls,” he adds.
A Google spokesperson says the corporation has measures in situ to detect new spam attacks and stop them, but that no security measures are one hundred pc effective. The spokesperson adds that Google is functioning on new measures to form it harder for Google Drive spam to evade its systems. Anyone suffered by the scam can freely report it to Google via the company’s support page.
It’s difficult for Google to try to do anything if the notification is coming from a legitimate account, which is, of course, easy to make , says principal security researcher at cybersecurity firm Kaspersky. He adds that, like all phishing scams, the important thing is to think before you click. Avoid clicking on the untrusted links of any kind when sent from unknown sources that doesn’t seem legitimate to you . If you weren’t expecting to receive it and don’t know the sender, don’t respond.
The novel approach to tricking people into clicking on malicious links is analogous to a scam that planted phishing links into Google Calendar. Therein instance, phishers realized they might cash in on a default setting in Google Calendar that permits them plant their own events laced with dodgy links. like the Google Drive scam, emails and notifications generated by the Calendar scam also came from Google.
Posts on Google community forums and social media suggested that the Drive scam has gone into overdrive in recent weeks, with some people complaining of receiving multiple notifications to collaborate on documents. Many of the documents reported to Google appear to have been deleted for violating its terms of service and were termed as malicious files.
