Scammers have just found a new way to rip off unsuspecting users. A flaw embedded in Google Drive is being exploited in the wild, allowing hackers to send seemingly legit emails from Google. These emails arrive using the same address as what Google uses to send updates to its users.
However, when opened, a user could be redirected to malicious websites. For mobile users, the emails arrive as a notification which includes an invite to collaborate on a dubious document. Once opened, the link takes one to a Google Drive document that contains a link to a potentially malicious website. That can be hard for someone whose work revolves around collaborating on documents.
The hackers are also exploiting the same flaw to send email notifications which come from Google with suspicious links attached.
Some Google documents link to a newly created website which contained dubious promotions while others try to lure users into checking their bank account balance or into receiving a payment.
Lots of people have already been targeted using this trick in the past few weeks. One document scam sent to WIRED included a link to a Google Slides document which was constantly being edit and was created by a Gmail account with a Russian name. The document has since been deleted for violating Google’s policies.
In response to the publication, Google says they’re working hard to implement new security measures to detect new attacks and contain them. But as you already know, no security measures are hack-proof.
If the scam targeted you, report it to the company via their support channels.