![]() Targeted users took to Twitter to warn of the scams, with one Twitter user saying that the only red flag of the scam was that he wasn’t expecting a shared doc. ![]() WIRED reported that one such website flooded users with notifications to click on links for “prize draws,” while other websites requested that victims click on links to “check their bank account.” These links take victims to malicious scam websites. One purports to be a run-of-the-mill prize scam that pretends to be part of a “Chrome Search contest 2020” and tells victims that they are the 5-billionth search and have won a prize. Another, entitled “Personal Notification No 0684,” tells users they have an “important notice” of a financial transaction that they can view on their personal account, via a link. These threaten that the account will be deleted in 24 hours unless they sign in via a (malicious) link. Many purport to be “personal notifications” from Google Drive, with one lure entitled “Personal Notification No 8482” telling the victim they haven’t signed into their account in awhile. ![]() The Google Drive notifications come with various lures. The report said that the notifications are being sent in Russian or broken English. The attack is targeting hundreds of thousands of Google users, according to WIRED. “Google sheets slide was shared with an email address causing a pop-up notification on mobile.” “Interesting TTP utilising Google Sheets, ultimately ending up with generic prize scams,” said a cybersecurity expert who goes by Jake (or on Twitter. Other iterations of the attack are sent via email (instead of by notification) and include the malicious link right in the email. Attackers are abusing this feature to send mobile users Google Drive notifications that invite them to collaborate on documents, which then contain malicious links.īecause they are sent via Google Drive, the notifications come from Google’s no-reply email address, making them appear more legitimate. Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links.Īccording to reports, the recent attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc.
0 Comments
Leave a Reply. |