Once again, users need to remain vigilant while clicking on links and notifications appearing on mobile phones. A new phishing campaign is in the wild that is targeting users with Google Drive links.
Google Drive Phishing Campaign
Reportedly, scammers have waged another malicious phishing campaign exploiting Google Drive. The scam basically exploits the feature that displays push notifications on mobile phones to invite users to collaborate on a shared document.
According to Wired, the scam succeeds in reaching the inbox on Gmail despite its robust filtering. It’s because the scammers abuse Google Drive in this phishing campaign.
The notifications come from Google, hence, appear easily on users’ smartphones, triggering them to tap. Whereas, the sender appears as a no-reply address from Google Drive, that makes the emails appear legit. That’s where the success of this scam depends on.
As obvious, the only reason scammers try new phishing techniques is to lure users to click on malicious links. That becomes achievable if the emails appear legit.
In the recent campaign, using Google Drive can be a pretty successful trick for executing large-scale phishing attacks. Once a user opens a malicious email, the user is likely to click or tap on the malicious link embedded in the email as well.
As described by Wired,
People targeted by the scam receive Google Drive notifications and emails in Russian or broken English asking them to collaborate on documents with nonsense names. These documents always contain a link to a scam website.
These scam websites can be about any random scam scheme. As observed by Wired,
One of the websites used for the scam, which was only registered on October 26, bombards people with notifications and requests to click on links to deals and prize draws. Other versions of the scam try to lure people to click on links to check their bank account or to receive a payment.
Stay Wary of Phishing
Like always, no security strategy ever warrants fool=proof protection against cyber attacks. Especially, in the case of phishing attacks, the scammers keep trying different strategies to evade detection.
Even for the recent campaign, Google has admitted the same. Though, they have assured to further harden Google Drive security to prevent abuse, as their spokesperson told Wired.
Therefore, the onus of online security ultimately lands on the shoulders of the end-users. The more the users stay careful of malicious emails, the better they can fight phishing attempts.