Google Drive Notification Trap: A New Twist on Phishing

Always check the URL of the page before entering your password

In 2020, a new scam appeared that misused Google Drive's notification feature. Scammers would create a document with harmful links, then invite their target to work on the document. When invited, the target got a real email from Google, making the scam seem legitimate. If the target clicked on the harmful link in the document, they might give away their personal information. This scam was effective because it played on emotions, using the trust in Google's notifications and the desire to help.

The victim will view the document, read the comments, and feel flattered that they’re being asked to collaborate. Then, the victim will click one of the malicious links, visit the phishing site, and enter their login credentials or other personal data.

This scam is particularly clever because it exploits Google’s email notification system for added legitimacy. Such notifications come straight from Google and are unlikely to trigger a spam filter.

But like all social engineering attacks, the Google Drive collaboration scam plays on the victim’s emotions: in this case, the pride and generosity we might feel when called upon for help.
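Because the notification email itself is genuine, the check has to be made on the links inside the document or comment, not on the sender. The following is an added example, not part of the original article: it classifies each link by its real hostname, covering cases a substring match on "google.com" would miss. The allow-lists, function names, and sample comment are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host where a Google password prompt is expected.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}
# Assumption: registrable domains accepted as link targets; extend for your org.
TRUSTED_DOMAINS = ("google.com",)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample comment text (reserved .example / example.net hosts).
SAMPLE = (
    "Could you help review this? https://docs.google.com/document/d/CONSTRUCTED_ID/edit "
    "Sign in to view: https://accounts.google.com.signin-check.example/ServiceLogin "
    "or https://accounts.google.com@login.example.net/signin"
)

def classify_link(url):
    """Return (verdict, reason) based on the host the browser would really contact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "suspicious", "not https"
    if parts.username is not None:
        # Text before '@' is userinfo, not the host.
        return "suspicious", "userinfo present, real host is " + host
    if host.startswith("xn--") or ".xn--" in host:
        return "suspicious", "punycode host " + host
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted-login", host
    # Match the whole domain or a true subdomain, never a substring.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted", host
    return "suspicious", "host " + host + " is not on the allow-list"

def review_comment(text):
    """Extract every link from comment or document text and classify it."""
    links = (m.rstrip(".,;:!?") for m in URL_RE.findall(text))
    return [(u, *classify_link(u)) for u in links]

if __name__ == "__main__":
    for url, verdict, reason in review_comment(SAMPLE):
        print(f"{verdict:13} {url}  ({reason})")
```

A "trusted" verdict means only that the link points at an allow-listed domain; a password should still be entered only on a page classified as "trusted-login".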

Want to see a screenshot of a similar attack? Check here:

https://www.tessian.com/blog/5-real-world-examples-of-phishing-attacks/