Professional Documents
Culture Documents
Drive Scam
With the use of remote working and collaborative tools on the rise amid the Covid-19 pandemic, cyber
criminals discover new ways to reach users. In a recent scam, hackers targeted hundreds of thousands of
Google users with fake Google Drive notifications and emails to trick them into visiting malicious websites.
The cyber attack was a new type of phishing scam. A fraudster attempts to mislead the victim into clicking
on a malicious link and giving up personal information or downloading malware. Since the start of the
global pandemic, there has been a substantial increase in online scams, with a 667% increase in Covid-19
related email scams.
As phishing attacks become more common and sophisticated, being able to detect phishing attempts is
business-critical. This article will examine what happened during the Google Drive Scam and identify how
to prevent similar phishing attempts.
The notifications came from an official no-reply Google address, that made them look authentic and
featured a range of messages written in broken English or Russian. For example, some claimed the
recipient had won a prize, whereas other messages prompted recipients to review their financial
transactions.
While phishing scams are nothing new, the use of push notifications caught many users off guard, which
has led Google to focus on implementing new measures to identify malicious use of Google Drive
notifications.
Recap
The Google Drive scam showed that even push notifications aren’t beyond the reach of cyber criminals.
With hackers continually trying out new scams, cyber security leaders need to be proactive and equip
employees with the knowledge to detect threats independently.
Regular cyber security awareness training is fundamental to staying up to date on the latest techniques
scams used by fraudsters. Training based on real-life scenarios and phishing simulations dramatically
reduces an employee’s chance of clicking on a malicious link.