Skip to Content
© Monticelllo |

Beware! This PDF file steals your passwords after you download it

Sketchy data collection practices aside, you might think of Google as some kind of neutral arbiter when it comes to everything on the internet. But between search engine optimization, engagement and paid advertising, nothing could be further from the truth.

The way the system is structured, it’s easy to manipulate results and use the platform for ulterior motives. Case in point, hackers have previously boosted search results for fraudulent Flash Player updates that were used to spread malware. Tap or click here to see how cybercriminals used Google to spread the Shlayer Trojan.

Now hackers are using Google for their activities in a sinister new way, by hosting phishing schemes on Google’s cloud storage servers that were originally designed for files and documents. Here’s how they’re getting away with it, and what it means for your own cybersecurity.

Public cloud storage systems are becoming phishing and malware hotspots

According to a security report from Check Point, a new phishing campaign has been detected that uses Google Drive’s cloud storage system as its base of operations. Researchers say these scammers are using well-known systems like Google Drive and Microsoft Azure as a means of disguising their illicit activities and to make matters worse, Google Drive offers cover for the scam with a legitimate name and brand.

Just because it says ‘Google Drive’ doesn’t mean it’s safe to visit. (Source: Check Point)

This particular campaign, however, mostly uses emails with links to malicious PDF files as a way to get victims to the scammer’s Google Drive account. Once you click on the link, you’re taken to a fake Microsoft login page where you’ll be asked to enter your Office 365 credentials.

Once you do, the data is pilfered and saved by the scammers controlling the campaign.

Tap or click here to see why convincing fake websites are the next frontier for digital scamming.

What makes this scam so dangerous is how easily it can affect ordinary office workers and business people. Getting an email from a colleague with an invitation to edit a document is a fairly normal and harmless occurrence, which means that once hackers control an account, they can pretend to be trusted contacts and spread their phishing scam even further.

Check Point was able to trace the origins of this campaign to what appears to be a sole Ukrainian source using multiple accounts. Whether or not this is a sign of an organized group or lone hacker is unknown.

As for why Google allows this to happen on its platform: It doesn’t, actually. In reality, most users are treated equally, and Google tends to let users upload files without too much concern over what goes in. However, accounts used for cybercrime, fraud and copyright infringement will be deleted and removed once someone flags it.

And you’d better believe that Check Point flagged this specific Google Drive account.

What can I do to avoid getting tricked?

As with so many other email and phishing scams circulating the web right now, the best way to protect yourself is to avoid falling for the scam in the first place. This means avoiding opening emails from unknown senders, verifying with contacts that they actually sent you an attachment and never clicking on external links from emails unless they go somewhere familiar. Here are other important steps to keep yourself from being duped by scammers:

And speaking of passwords, always take the steps to make sure your password is as secure as possible, such as enabling two-factor authentication. Tap or click here to see how to set up 2FA for your favorite online accounts.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me