As part of a Google Drive phishing scam, hackers sent push notifications and emails to thousands of Gmail users, inviting each recipient to collaborate on a Google Doc. Users who clicked on the push notifications were taken to a document containing a large link to a malicious website (the emails also featured malicious links).
The notifications came from an official no-reply Google address that made them look authentic and featured a range of messages written in broken English or Russian. For example, some claimed the recipient had won a prize, whereas other messages prompted recipients to review their financial transactions.
While phishing scams are nothing new, the use of push notifications caught many users off guard, which has led Google to focus on implementing new measures to identify malicious use of Google Drive notifications.
What is a Google Drive Scam?
With the use of remote working and collaborative tools on the rise amid the Covid-19 pandemic, cyber criminals are discovering new ways to reach users. In a recent scam, hackers targeted hundreds of thousands of Google users with fake Google Drive notifications and emails to trick them into visiting malicious websites. The cyber-attack is a new type of phishing scam, in which the fraudster attempts to mislead the victim into clicking on a malicious link and giving up personal information or downloading malware. Since the start of the global pandemic, there has been a substantial increase in online scams, with a 667% increase in Covid-19 related email scams.
As phishing attacks become more common and sophisticated, being able to detect phishing attempts is business-critical. This article will examine what happened during the Google Drive Scam and identify how to prevent similar phishing attempts.
Essential Tips to Avoid Phishing Attacks:
- Don’t open emails from unknown senders:
Never open messages sent by unknown senders. Whenever you receive a new message, inspect the sender’s name and email address to see if it’s someone you recognize. You can also verify the sender’s identity by contacting them in person or over the phone.
- Don’t click on suspicious links:
Be cautious of any links you receive from unfamiliar sources. Malicious links can take you to phishing sites and infect your device. Hovering your mouse cursor over URLs is a great way to check the destination URL.
- Check for suspicious elements in the email:
Carefully read the body text of all emails from unfamiliar sources and watch out for red flags like spelling mistakes, grammatical errors, and any language that promotes urgency. If the message originates from a trusted sender, check that the context and the request are relevant to you. If in doubt, contact the sender by another means.
Regular cyber security awareness training is fundamental to staying up to date on the latest techniques and scams used by fraudsters. Training based on real-life scenarios and phishing simulations dramatically reduces an employee’s chance of clicking on a malicious link.