A new scam is taking advantage of Google Drive to evade Gmail’s anti-spam measures, and fill our inbox with notifications to shared documents that may contain malicious links. So pay attention before you click.
The notification is legitimate and comes from Google, the shared document is the real problem.
One of the main ways to identify a phishing email is by looking at the sender’s email address for suspicious things, but when the message comes from a legitimate Google address, you need to look closer.
It’s a new phishing campaign that is taking advantage of a bug in Drive to send push notifications via mobile, notification emails to Gmail, and in other cases even receive the spam in the company’s workspace.
The messages are in English or Russian, and contain quite prominent links, perhaps this is enough to raise suspicions in many users, but for others not, and easily this type of scams can evolve to be more convincing tomorrow and speak in your language.
Unlike spam in Gmail, which Google filters very well, these messages arrive directly not only to your inbox, but also to your mobile and other Drive-connected services. The problem is that since Drive always wants to keep you informed when someone mentions you in a shared document, the filters don’t act the same, because the sender will be the same Google.
And, it’s also difficult for Google to stop the notification if it actually comes from a legitimate Gmail account, which are very easy to create. Something similar happened with Google Calendar in 2019 when a phishing campaign took advantage of an automatic Google calendar function to fill up our fake event notification application.
If you receive one or multiple of these notifications you can report them to Google on the support page. The good news is that at least it seems that Google is acting fast to remove the Drive documents containing the malicious links, but that doesn’t stop you from always thinking twice before clicking anywhere.