

These documents always contain a link to a scam website. People targeted by the scam receive Google Drive notifications and emails in Russian or broken English asking them to collaborate on documents with nonsense names.


The scam document has since been deleted for violating Google’s terms of service. WIRED contacted the Gmail address linked to the scam document but received no reply. The document’s edit history showed it had been copied from another document and was constantly being edited, suggesting that scammers were duplicating the scam and adding more people to try and lure in new victims. One of the scam notifications received by WIRED linked to a Google Slides document that had been created by a Gmail account with a Russian name. The scammers are working their way through a huge list of Gmail accounts, with scores of people reporting similar versions of the attack in recent weeks.

For scammers, it’s a clever way of putting a malicious link right in front of a potential victim. In a work setting, this could be a colleague asking you to check over a slide in a presentation or a brief for a new project. By default, Drive wants you to know when someone has mentioned you on a document. And Google Drive is pretty accommodating.

The success of email spam filters has left scammers looking for new ways to get people to click on malicious links. Unlike regular spam, which Gmail does a pretty good job of filtering out, this message not only makes it into your inbox, it gets an added layer of legitimacy by coming from Google itself. An email notification created by the scam, which also comes from Google, also contains a potentially malicious link. If tapped, the notification takes you directly to a document that contains a very large, tempting link.

On mobile, the scam uses the collaboration feature in Google Drive to generate a push notification inviting people to collaborate on a document. The smartest part of the scam is that the emails and notifications it generates come directly from Google.

This story originally appeared on WIRED UK.
