Cyber Threat Alert: Google Drive Scam

By DoIT Communications


Date Released: 11/11/2020

 

Google Drive Scam

 

Hello All,

 

Please be skeptical if you receive an unexpected notification on your phone or an email saying that somebody invited you to collaborate with them on a new Google Drive document or sheet, especially if the collaborator is a non-stonybrook Google account. I am writing to bring your attention to an ongoing cyber attack leveraging Google’s useful and easy to use collaboration features that continues to grow in popularity among scammers.

 

Instead of sending an email directly to your inbox with a suspicious link, these scammers are sharing a file via Google Drive which contains the suspicious link. This is a clever twist because when someone shares something with you via Google Drive, the email or app notification does come directly from Google, but it’s what’s inside the shared file that poses a risk. What makes this extra effective is that Google’s collaboration feature may initiate a notification prompt on your mobile device if you are signed in. Many of us tend to be less suspicious of notifications coming through on our smartphones and may be more inclined to click the link without realizing it is a phishing attempt. 

 

Google has acknowledged the attack and promises a fix, but in the meanwhile, these notifications should be treated as regular spam email messages. You can report any suspicious activity you observe to phishbowl@stonybrook.edu

 

Further information on the attack can be found on Threatpost or Wired

 

Thank you for your diligence and attention to this matter.