Cybercriminals constantly vary and update their delivery methods to lure victims. Recently, a new phishing method was discovered: hackers were seen running Google Drive scams that gain an added layer of legitimacy because the notifications are delivered by Google itself.
The Discovery –
Google Drive’s legitimate collaboration feature was leveraged by scammers in a recent attack to trick users into clicking dodgy links.
- To target hundreds and thousands of Google users, hackers sent notifications and emails, written in Russian or broken English, containing malicious links in a shared Google doc.
- Because these push notifications or emails originated from Google’s no-reply email address, they looked more legitimate to the users receiving them.
- These notifications had enticing subject lines, such as personal notifications, prize scams, and Chrome Search contest 2020.
By using Google’s products to host malicious documents and using them for cyber-attacks, scammers have been violating Google’s terms of service in recent months.
- Researchers noticed a series of email campaigns in which malware such as AveMaria, Gozi ISFB, SmokeLoader, and ZLoader was being spread through links to malicious documents hosted on legitimate file-sharing platforms.
- Another group of researchers reported abuse of Google’s Google Drive service to host a malicious PDF document and of Google’s cloud services to host the phishing page.
Gmail’s email filtering functionality has been of some help to victims when it comes to email-borne attacks, and it has made scammers search for new ways to get victims to click on their malicious links. Attackers are now manipulating some Google Drive features to fool victims and bypass email gateways.