Google Drive Notifications Used to Send Malicious Links to Users
Cybercriminals have now resorted to utilizing a legitimate Google Drive collaboration feature to trick users into clicking on malicious links.
As per recent reports the attacks have been originated from Google Drive’s collaboration feature, which enables users to make push notifications or emails that invite people to share a Google doc. Attackers are mishandling this feature to send mobile users Google Drive notifications, inviting them to collaborate on documents, which at that point contained ‘malicious links’.
Since they are sent through Google Drive, the notifications originate from Google’s no-reply email address, causing them to appear more legitimate. Different cycles of the attacks are sent using email (rather than by notifications) and incorporate the malignant link directly in the email.
The Google Drive notifications accompany various lures.
Many imply to be “personal notifications” from Google Drive, with one lure named “Personal Notification No 8482” telling the victim they haven’t signed into their account for some time. These undermine that the account will be deleted in 24 hours except if they sign in using a (malicious) link. Another, named “Personal Notification No 0684,” tells users they have an “important notice” of a financial transaction that they can see for their own in their account, using a link.
The attack has focused on countless Google users, as per WIRED. The report said that the notifications are being sent in Russian or broken English.
These links take victims to malevolent scam websites. WIRED detailed that one such site flooded users with notifications to click on links for “prize draws,” while different sites mentioned that victims click on such links to “check their bank account.”
Targeted users took to Twitter to the caution of the scams, with one Twitter user saying that ‘the only red flag’ of the scam was that he wasn’t anticipating a shared doc.
With the generality of working from home due to the Covid pandemic, attackers are progressively utilizing collaboration and remote-work tools, including Google offerings.
Nonetheless, a Google spokesperson told WIRED that the company is dealing with new security measures and is currently making strong efforts for detecting Google Drive spam.