Scammers Abuse Google Drive to Send Malicious Links

  • Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.

    Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links.

    According to reports, the new attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc. Attackers are abusing this feature to send mobile users Google Drive notifications that invite them to collaborate on documents, which then contain malicious links.

    Because they are sent via Google Drive, the notifications come from Google’s no-reply email address, making them appear more legitimate. Other iterations of the attack are sent via email (instead of by notification) and include the malicious link right in the email.

    “Interesting TTP utilising Google Sheets, ultimately ending up with generic prize scams,” said a cybersecurity expert who goes by Jake (or @JCyberSec) on Twitter. “Google sheets slide was shared with an email address leading to a pop-up notification on mobile.”

    Interesting TTP utilising Google Sheets, ultimately ending up with generic prize scams🎁

    Google sheets slide was shared with an email address leading to a pop-up notification on mobile.

    Link leads to 🌐https://clck[.ru/RWen6

    — Jake (@JCyberSec_) Oct 21, 2020

    The attack is targeting hundreds of thousands of Google users, according to WIRED. The report said that the notifications are being sent in Russian or broken English.

    The Google Drive notifications come with various lures. Many purport to be “personal notifications” from Google Drive, with one lure entitled “Personal Notification No 8482” telling the target they have not signed into their account in a while. These threaten that the account will be deleted in 24 hours unless they sign in via a (malicious) link. Another, entitled “Personal Notification No 0684,” tells users they have an “important notice” of a financial transaction that they can view in their personal account, via a link.

    One purports to be a run-of-the-mill prize scam that pretends to be part of a “Chrome Search contest 2020” and tells victims that they are the 5-billionth search and have won a prize.

    These links take victims to malicious scam websites. WIRED reported that one such website flooded users with notifications to click on links for “prize draws,” while other sites requested that victims click on links to “check their bank account.”

    Targeted users took to Twitter to warn of the scams, with one Twitter user saying that the only red flag of the scam was that he was not expecting a shared document.

    I’ve received a few of these emails in the past two weeks. It’s a serious breach because the Google Drive/Docs notifications actually come from Google’s no-reply email address.

    I knew the notifications were scams because I wasn’t expecting any shared doc. Be careful guys.

    — Abubakar Idris (@IAtalkspace) November 1, 2020

    A Google spokesperson told WIRED that the company is working on new security measures for detecting Google Drive spam. Threatpost has reached out to Google for further comment.

    With the prevalence of working from home due to the coronavirus pandemic, attackers are increasingly leveraging collaboration and remote-work tools, including Google offerings. In May, researchers warned of a series of phishing campaigns using Google Firebase storage URLs. These used the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Meanwhile, researchers in October warned of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack stole Office 365 recipients’ login credentials.

    “This scam wave highlights the need for users to be on the lookout for email-borne attacks,” according to Tripwire researchers. “Organizations can help their users in this regard by educating them about some of the most common types of phishing attacks that are in circulation today.”
