Cybercriminals are always attempting to find new delivery methods to lure their victims. Recently, they found a new phishing lure to play with. Hackers were seen launching Google Drive scams with an added layer of legitimacy by having notifications delivered by Google itself.
What has been discovered?
In the recent attack, scammers leveraged Google Drive’s legitimate collaboration feature to trick users into clicking dodgy links.
- Writing in Russian or broken English, hackers sent notifications and emails containing malicious links in a shared Google doc, targeting hundreds of thousands of Google users.
- These push notifications or emails originated from Google’s no-reply email address, making them appear more legitimate.
- According to WIRED, these notifications and emails used alluring topics, such as personal notifications, prize scams, and Chrome Search contest 2020.
A reliable way of scamming
In recent months, hackers have been violating Google’s terms of service by hosting malicious documents on its products and using them in cyber attacks.
- In September, Cisco Talos researchers observed a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware, such as AveMaria, Gozi ISFB, SmokeLoader, and ZLoader.
- In July, Check Point researchers reported that attackers were abusing Google Drive to host a malicious PDF document and Google’s cloud services to host the phishing page.
In email-borne attacks, Gmail’s email filtering functionality has been helping victims to some extent. This has left scammers looking for new tricks to get victims to click on malicious links. Google Drive, on the other hand, has some features that sometimes let hackers dupe victims and bypass secure email gateways.