Sketchy data collection practices aside, you might think of Google as some kind of neutral arbiter when it comes to everything on the internet. But between search engine optimization, engagement and paid advertising, nothing could be further from the truth.
The way the system is structured, it’s easy to manipulate results and use the platform for ulterior motives. Case in point, hackers have previously boosted search results for fraudulent Flash Player updates that were used to spread malware. Tap or click here to see how cybercriminals used Google to spread the Shlayer Trojan.
Now hackers are using Google for their activities in a sinister new way, by hosting phishing schemes on Google’s cloud storage servers that were originally designed for files and documents. Here’s how they’re getting away with it, and what it means for your own cybersecurity.
Public cloud storage systems are becoming phishing and malware hotspots
According to a security report from Check Point, a new phishing campaign has been detected that uses Google Drive’s cloud storage system as its base of operations. Researchers say these scammers are using well-known systems like Google Drive and Microsoft Azure as a means of disguising their illicit activities and to make matters worse, Google Drive offers cover for the scam with a legitimate name and brand.
This particular campaign, however, mostly uses emails with links to malicious PDF files as a way to get victims to the scammer’s Google Drive account. Once you click on the link, you’re taken to a fake Microsoft login page where you’ll be asked to enter your Office 365 credentials.
Once you do, the data is pilfered and saved by the scammers controlling the campaign.
What makes this scam so dangerous is how easily it can affect ordinary office workers and business people. Getting an email from a colleague with an invitation to edit a document is a fairly normal and harmless occurrence, which means that once hackers control an account, they can pretend to be trusted contacts and spread their phishing scam even further.
Check Point was able to trace the origins of this campaign to what appears to be a sole Ukrainian source using multiple accounts. Whether or not this is a sign of an organized group or lone hacker is unknown.
As for why Google allows this to happen on its platform: It doesn’t, actually. In reality, most users are treated equally, and Google tends to let users upload files without too much concern over what goes in. However, accounts used for cybercrime, fraud and copyright infringement will be deleted and removed once someone flags it.
And you’d better believe that Check Point flagged this specific Google Drive account.
What can I do to avoid getting tricked?
As with so many other email and phishing scams circulating the web right now, the best way to protect yourself is to avoid falling for the scam in the first place. This means avoiding opening emails from unknown senders, verifying with contacts that they actually sent you an attachment and never clicking on external links from emails unless they go somewhere familiar. Here are other important steps to keep yourself from being duped by scammers:
- Make sure you’re using sophisticated passwords, and don’t reuse them between different accounts. Tap or click here to find out how to create strong passwords.
- Again, be cautious with messages from unknown senders and check the URLs closely. Take this quiz to see if you can spot scams.
- When in doubt, navigate to trusted websites manually in a new tab or window, without clicking any links.
And speaking of passwords, always take the steps to make sure your password is as secure as possible, such as enabling two-factor authentication. Tap or click here to see how to set up 2FA for your favorite online accounts.