Users Fall Victim to Google Drive Phishing Scams

Spammers have been leveraging popular file-sharing sites like Google Drive for phishing practices away from large corporate filters. The fact that they’re resorting to file storage and synchronization services to carry out their scams has made users lose trust in well-known links. More on this security crisis below.

Users Fall Victim to Google Drive Bait

Users Fall Victim to Google Drive Bait

Spammers Use Google Drive as Bait

The attack process is pretty simple. The recipient who is also the victim, in this case, receives an email or SMS that urges him/her to click it. The text in these emails and SMSes contain links to popular sites like Google Drive, AWS, Azure, and Alibaba. It would never cross the recipient’s mind that these popular links might be infected. Not only do recipients fall into these convincing traps, but they also end up with stolen data or a massive security breaches.

Offering these recipients links to sites they usually trust and click on in a heartbeat, is spammers’ trap. Malware creators have chosen to go with this new approach as opposed to the old-fashioned one of sending links to new domains controlled by attackers. It’s easy to point out why the first method could potentially fail. Recipients could easily avoid clicking on links that they don’t know or haven’t heard of before. But, in the second case, clicking is almost inevitable.

What is Phishing?

Phishing has become one of the most popular hacking techniques nowadays. In a sense, it’s not really hacking. The process centers around tricking a recipient with a bait that would otherwise seem trustworthy. When the recipient falls into the trap, phishers gain access to victims’ personal accounts. That includes their bank and credit card details, credentials, and all sort of information.

Phishing attacks don’t require extensive computer knowledge. Carrying out the attack is needless of coding methods. It’s so easy that cybercriminal rookie can pull it off. Malware developers carry out these attacks for multiple reasons, not just financial gain. Exploiting users’ financial information isn’t the only reason why criminals operate phishing scams. A stalker or a lover could run a phishing scam to find out what you are up to or what you’re doing online.

About Phishing

Increasing Phishing attacks have affected both regular and corporate web users in a big way. Although security firms update their software on a regular basis to detect phishing attacks, malware creators somehow manage to find a loophole. If recipients click on the links and interact with whatever is sent, the consequences can be severe. You see, malware creators are only getting better with time. They’re devising unprecedented ways to beat security software. Now, these Phishing scams have gotten more sophisticated with their attempts. They are currently using popular file storage services as bait. This is why it is important that you learn about top signs of fraudulent phishing email in order to avoid them.

Tips on how to Stay Safe Against Phishing

Here are some tips you might find helpful against phishing attacks.

Beware of Emails

We advise you not to randomly click on any email. Make sure you know who the sender is before you open any. Additionally, you need to make sure each account of yours has a different password. This way, hackers won’t be able to access all of your accounts if that’s the case.

Watch out for Pop-ups

Some phishers carry out their attempts through popups. A hacker might inject a virus into your system. This way whenever you open your bank’s website, a similar-looking pop-up appears. The fraudulent pop-up requests your username and password. We urge you not to enter your personal information in a pop-up.

HTTPS

The majority of banks use HTTPS because it is stronger and safer than HTTP. Make sure that your bank’s website says https:// on the address bar and not http:// and shows a lock icon in the browser address bar.

Use two-factor authentication

Most banks, social media service, and email services make use of two-factor authentication. This means that even if someone stole your password, he/she will not be able to log into your account. This is because there will be another authentication step to identify the user. Normally, such incidents involve the phone, meaning the criminal must have your password and your phone to open your account.

Use a VPN

VPNs like ExpressVPN are the cybersecurity tools you need to stay safe online. Many VPNs come with particular software that blocks malware. Moreover, VPNs encrypt your data in a way no third party can access it. The technology creates a secure tunnel where all your sensitive information is maintained. Generally, VPNs protect you from a number of attacks like phishing. 

Why Use Google Drive?

According to Netskope, the use of public file-hosting sites makes it easier to move from one site to the other. It is easier to jump back and forth when links or uploads are taken down. Criminals and spammers found this method to be more effective instead of wasting time ineffectively when all domains used for criminal purposes get deleted.

Commentary

Netskope suggested the following in its recent research into the case of phishing emails case using common file-sharing and object storage services: “Embedding links to trusted services helps attackers bypass traditional content filters, such as spam filters, which might otherwise block the scams.”

Netskope’s Abhinav Singh released a statement saying: “While currently only being used for long-running scams targeting individuals. These techniques could also be used to target business who use services such as Google Drive. We should begin educating users and putting controls in place to protect ourselves against the onslaught of attackers abusing cloud services.”

Conclusion

Although public awareness of infosec techniques is rising, cybercriminals, spammers, and hackers are finding ways to infiltrate them. In the cyber world of crimes, targeted techniques for phishing and social engineering are gaining popularity. This is why infosec companies must spread awareness regarding this issue. From the looks of it, these those techniques are paying off. You can follow the tips in the what is phishing article in order to stay safe from hackers. A little caution can do your online presence many favors.