Google Drive is not protected against fraud. Criminals have found a loophole to lure users to malicious websites. You should know about the current Google Drive Scam to protect yourself.
Phishing attacks are always deceitful: Fraudsters send an email and entice users to click on a link – to steal data with the website behind it or to install a Trojan.
In most cases, these fake e-mails can be quickly and easily detected, for example if the sender is dubious.
But Google Drive now makes exactly that no longer possible through a gap. Criminals have developed a trick for which they use not a fake but a legitimate email from Google.
Google-Drive-Scam enables perfidious Phishing attacks
The file hosting service allows you to send e-mails and notifications to other drive users. Finally, Google Drive has a collaboration function.
So when a user creates a document on Google Drive, they can invite other users to contribute to the document. In this case, a push notification or email will be sent to invite other users to collaborate on a shared document. And it comes, quite legitimately, from Google itself.
If you click on this e-mail and follow the link to the editing invitation, you will of course open the shared document and gain access to its editing. In this way, the fraudsters lure you with an attractive and genuine looking link. But in reality, this is a malicious site or trap.
Users do not end up in a document, but on a website where they are inundated with purchase requests.
Google-Drive-Scam: Spam filters do not protect
This is not the first time that hackers use collaborative documents for their scams. According to the online magazine Wired, fraudsters are now increasingly trying to use new phishing methods to circumvent the spam filters in e-mail programs.
Thanks to them, dangerous e-mails are now rarely delivered to our regular mailboxes.
The e-mails for the Google Drive Scam do not end up in the spam folder, but in the inbox – because they come from Google itself and are therefore authentic.
Criminals make a professional impression
In order to appear as respectable as possible, the criminals put the Google Drive Scam in a professional light. Finally many users use the service in the working environment.
Wired writes that potential victims are to collaborate on strangely named documents. The magazine has noticed how the e-mail requests are duplicated and slightly modified. This suggests that the scammers are working off a long list of Google Drive users.
Other attempts at fraud are said to be raffles and special offers. In this case the fraudsters try to lure people with account checks and payment orders. So in the worst case you will be cheated for your money.
The scam itself may not be very sophisticated. But if you don’t suspect anything bad, you can easily fall for the scam.
Google-Drive-Scam: You should know this to protect yourself
To protect yourself, you should only open drive documents if you know the owner of the document. Allegedly, the criminals prefer to use Russian names for the Google Drive Scam.
So don’t open any files that seem dubious to you or that you have nothing to do with. If in doubt, ask your colleagues whether they have sent you an invitation to drive collaboration.
Another tip: Pay attention to the language selection. Wired reports that e-mails often contain grammatical errors. So far, the scammers seem to be mainly active in English-speaking countries. But it is conceivable that they will extend the scam to other regions.
Google is currently working on filtering out the drive mails as well as possible. But there is no 100 percent guarantee. If you receive such a phishing mail, please report it to Google Support.