“Beware a New Google Drive Scam Landing in Inboxes: Scammers are luring people into Google Docs in an attempt to get them to visit potentially malicious websites.”
WIRED, November 1, 2020
By James Temperton, WIRED UK
Scammers just found a new phishing lure to play with: Google Drive. A flaw in the Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites. The scam itself is nothing new—messages asking you to click on dodgy links are as old as the internet itself—but could catch a lot of people off guard.
The smartest part of the scam is that the emails and notifications it generates come directly from Google. On mobile, the scam uses the collaboration feature in Google Drive to generate a push notification inviting people to collaborate on a document. If tapped, the notification takes you directly to a document that contains a very large, tempting link. An email notification created by the scam, which also comes from Google, also contains a potentially malicious link. Unlike regular spam, which Gmail does a pretty good job of filtering out, this message not only makes it into your inbox, it gets an added layer of legitimacy by coming from Google itself.
The success of email spam filters has left scammers looking for new ways to get people to click on malicious links. And Google Drive is pretty accommodating. By default, Drive wants you to know when someone has mentioned you on a document. In a work setting, this could be a colleague asking you to check over a slide in a presentation or a brief for a new project. For scammers, it’s a clever way of putting a malicious link right in front of a potential victim.
The scammers are working their way through a huge list of Gmail accounts, with scores of people reporting similar versions of the attack in recent weeks. One of the scam notifications received by WIRED linked to a Google Slides document that had been created by a Gmail account with a Russian name. The document’s edit history showed it had been copied from another document and was constantly being edited, suggesting that scammers were duplicating the scam and adding more people to try and lure in new victims. WIRED contacted the Gmail address linked to the scam document but received no reply. The scam document has since been deleted for violating Google’s terms of service.
About the Author:
James Temperton is the digital editor at WIRED UK. As well as leading the title’s digital strategy, he also reports regularly on the gig economy and the scourge of online disinformation. James is host of WIRED’s award-winning weekly podcast.