How Google Docs, Sheets or Presentations are used for phishing scams

You may have received a strange notification in gmail or via your Google Drive application telling you that you've been mentioned in a comment or something similar. 

But the document itself doesn't ring any bell. However, if you take a closer look at the header of the email, it seems legit. Well, because it is, it's an email from Google.  

Google Docs / Sheets / Presentation Spam Header, 100% legit
Google Docs / Sheets / Presentation Spam Header, 100% legit

Spammers are actually leveraging Google's notification system to distribute their messages. The same kind of spam happens in Google Calendar, as reported by this article in July 2019.

This latest trick, spamming random users with Google Drive mentions, has been reported on the Support Forum. You can follow the thread right here

Google Drive Spam Notifications
Google Drive Spam Notifications

Why do spammers send out Google Docs notifications? 

The Google document mentioned in the email is by itself harmless. 

To the extent of my knowledge, hackers can't do much if you simply open the Google document, due to the built-in security measures inside of Google Drive. What they want you to do (but most people won't go that far, fortunately) is click on a link contained in that document, which leads you directly to a phishing site, which they call a "secure site".

Google Docs phishing attempt, via a Presentation

What should you do if you receive a Google Drive spam notification? 

In gmail, mark the email as spam, which will help fine tune Google's spam filter. You can also report the event to Google and share your experience on the Google Drive Help forum. 

Spammers sharing documents in Google Drive

There's also another form of "sharing" annoyance I'd like to share to conclude this piece: random files landing in your Google Docs

If you want to check whether you've been victim of this other form of "sharing scam", head to Google Docs and filter the files by "not owned by me". Most files have been either shared by people you know or files accessed in the past (for instance some Google Docs shared in a blog article). That's fine. But there might also be files you don't recognize. Your first reaction will be to right click on the file and REMOVE it. But there's a little issue if you're using Chrome, a bug that's been reported in the Help forum

Can't delete Google Docs bug in Chrome

I tried to reproduce the bug and indeed files kept coming back in Google Docs in Chrome while being properly removed in Safari. Please note that files not owned by you won't appear in your Google Drive bin after deletion since this trash folder only contains your own deleted files. 

The purpose of the spammers sharing documents in Google Drive is the same as for the spam notifications mentioned earlier. The document itself can't do much harm in your Drive. It won't spy on other documents or interact with your computer. But it contains a link which they'd like you to click on, for phishing purposes. Simply delete the files, which will also help Google fine tune their spam filters. 





Comments