 
Not content with trying to trick you into clicking dodgy links via email and stuffing your inbox full of spam, scammers are now turning to Google Drive to catch you out.
Google Drive has a useful system built into it that alerts users when a document is shared with them or lets them know about important activity in Drive.
That system sends both emails and push notifications to your phone to keep you in the know. And it's that very system that scammers are abusing to take advantage of unsuspecting users.
It's an unfortunately intelligent scam as the notifications come from Google itself and at first glance can appear perfectly legitimate.
On your smartphone, the notifications appear like another other invite you'd have from colleagues and others inviting you to collaborate on a specific document. The difference is, when you click that link you're taken to a document with tempting links that would take you to dodgy websites.
Normally, this sort of spam wouldn't even make it into your email inbox as they'd generally just get filtered into your spam folder but these Google Drive notifications are getting through the system.
Interesting TTP utilising Google Sheets, ultimately ending up with generic prize scams
— Jake (@JCyberSec_) October 21, 2020
Google sheets slide was shared with an email address causing a pop-up notification on mobile.
Link leads to https://clck[.ru/RWen6 pic.twitter.com/RZPQNxuV0Y
It seems that these scammers are exploiting this method and bombarding long lists of Gmail addresses with plenty of people reporting the problem.
Wired reports that the linked documents are heavily edited and show signs that the scammers are duplicating their efforts to hit as many people as possible.
Google told Wired that it has measures in place to detect these new sorts of scams but if users find themselves targeted then they can report the offending documents here.
Commentaires
Enregistrer un commentaire