Catch Of The Week: Google Drive Shared File Phishing

Image of a poorly done Google Drive phishing attempt. Courtesy image

By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

I have seen a lot of phishing attempts in my life, some of them really well done, some of them um…not so great.

Surprise, I declined the attempt to share this.

This is a phishing scam. The notification “hacked crash exposed” is a decidedly not legitimate message from Google. Scammers frequently use alarming, fake file names to trick recipients into clicking malicious links.

While the notification itself does come from Google’s legitimate sharing service, the shared file is malicious and designed to look alarming enough to get you to click. Your account was not compromised just by receiving the notification, but it could be if you open the file or click any links in the shared file. I didn’t even bother opening this, just dismissed it.

What could happen if you do open and interact with this malicious, shared file?

  • Data theft: link could lead to a fake Google sign-in page that steals your credentials and other sensitive information.
  • Malware installation: The link could possibly download malware, spyware, or ransomware to your device.
  • Spam confirmation: Interacting with the document confirms to the scammers that your email address is active, likely leading to more spam and phishing attempts- no thanks.

What to do if you see this notification

  • Do not open the file or click any links! The subject is meant to alarm you and trick you into interaction.
  • I wouldn’t even interact to report, just dismiss the notification; clicking by accident is a risk you don’t need. If it becomes a repeat issue you can look into blocking the sender.
  • If you are concerned, you can perform a Google Security Checkup. Go to your Google Account’s security page to review recent activity and ensure everything is normal.
  • Enable multi-factor authentication (MFA) on your Google account for added security.

Could this be an aftereffect of Google’s recently confirmed data breach? Possibly. The breach is not thought to have exposed any credentials but did expose emails and other basic contact information.

Stay safe online, and if you get shared file notifications from unknown senders, don’t interact, just dismiss the notification. These are scams, they are meant to scare you into clicking, and they will steal your information and possibly hijack your accounts.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems