To help protect you against malicious links, most e-mail clients have filters that flag suspicious-looking e-mails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in e-mail filters typically do not recognize that this content is malicious.

In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.

Don’t fall for this trick! Remember:

  • Never click on a link or download an attachment in an e-mail that you were not expecting.
  • If you think the e-mail could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign e-mail using a Google Drive link.
  • When an e-mail claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.