A new Google Drive phishing scam hit our email servers late last week. The messages come from hacked email accounts, which makes them seem legitimate, and the links in them take you to hacked websites that try to get you to provide your Google account info.
How Does a Phishing Scam Work?
In a phishing scam, the spammer sends you an email with an urgent-sounding message about a bank, credit card or other account that contains sensitive personal information and a link to click on to check the status of your account.
The link doesn't take you to your account. Instead, it takes you to a fake login page so the spammer can learn your username and password, which they can then use to log in to your real account to steal your identity, money, etc. If they get hold of your email login, they could even use your account to send spam like this!
Never click on the link in such an email, especially one that sounds urgent. If you need to check the status of an account, you should instead go to it directly by typing the real web address into your browser.
About This Phishing Scam
Unlike many other phishing scams, this one comes from actual email addresses that have been hacked by the spammer. The emails tell you there's a document waiting for you to view on Google Drive, Google Docs, Google Document, etc. and ask you to log in to view it by clicking the link.
Some even include what appears to be the signature from the hacked account. Here's an example:
That's where the sophistication ends. The "View Here" link goes to a pretty spammy-looking landing page. There are several versions, but the ones I've seen have icons for Google Drive and some Adobe and Microsoft products, followed by four icons for various popular email systems.
The spammer wants you to click on one of the email system icons and "log in" to your account. That would be a really bad idea.
How We Block Spam Like This
Despite its appearance, this phishing campaign was a little trickier to block than some others. For one, the email headers look good because the messages are coming from actual accounts that have been hacked. Often you see problems in the headers of spam emails, but there were few here, so a purely heuristic antispam program (which SpamStopsHere is not) would likely rate it as legitimate on that criterion, increasing the odds it would go through.
SpamStopsHere works differently. We don't rely on weighting factors to guess the probability that an email is spam. Instead, we pass each email through a series of filters that test the email against our massive database of spam profiles. If any filter flags the message as spam, it is blocked.
The few emails that we cannot positively ID as spam are immediately sent to our 24/7/365 live threat analysts for review. Within seconds, they know if the email is spam. If so, they block it and then further analyze it, creating additional filter rules if possible, that are then fed into our database. That's usually sufficient to block the rest of the campaign, and often variations that appear later.
Our automated systems flagged this campaign as suspicious and sent it to our threat analysts for review. Our analyst Bryce wrote a new rule to match unique patterns that he detected and updated our spam profile database, blocking the campaign now and in the future to protect our customers.
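The contrast this section draws, shown as an added example (not SpamStopsHere's code): a header-only weighted score sees nothing wrong with a message sent from a hijacked mailbox, while a single content filter that compares the Google Drive wording with the link's actual host blocks it. The sample message, weights, filter and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: headers are clean because the sender's real mailbox was
# hijacked, but the "View Here" link leaves Google entirely.
SAMPLE = """\
From: Pat Example <pat@example.com>
To: you@example.org
Subject: Document shared with you
Message-ID: <abc123@example.com>
Date: Mon, 01 Jan 2024 10:00:00 +0000
Content-Type: text/html; charset="utf-8"

<p>A document is waiting for you on Google Drive.
<a href="http://compromised-site.example/docs/login.html">View Here</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def header_score(raw):
    """Header-only weighted heuristic; the weights are hypothetical."""
    msg = message_from_string(raw)
    score = 2.0 if not msg["Message-ID"] else 0.0
    score += 1.5 if not msg["Date"] else 0.0
    score += 1.0 if msg["Reply-To"] and msg["Reply-To"] != msg["From"] else 0.0
    return score

def drive_lure_filter(msg):
    """Flag mail that names Google Drive/Docs but links to a non-Google host."""
    body = msg.get_payload()
    if not re.search(r"google\s+(drive|docs?|document)", body, re.I):
        return False
    parser = LinkCollector()
    parser.feed(body)
    urls = [u for u in map(urlsplit, parser.hrefs) if u.scheme in ("http", "https")]
    hosts = [(u.hostname or "").lower() for u in urls]
    return any(not (h == "google.com" or h.endswith(".google.com")) for h in hosts)

FILTERS = [drive_lure_filter]  # any single match blocks; no score is summed

def verdict(raw):
    msg = message_from_string(raw)
    return "block" if any(f(msg) for f in FILTERS) else "pass"
```
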
Exceptional Anti-Spam and Secure Cloud Email for Business
SpamStopsHere was designed for business. Our live spam review team analyzes and blocks threats 24/7/365, so we can filter out 99.5% of spam and still deliver 99.999% of legitimate email to our customers. It's cloud based, secure and easy to use. There's no additional hardware or software to buy, no maintenance, and no tuning required.
SpamStopsHere and our other secure Cloud email services (hosting, encryption and archiving) also come with 24/7/365 live support.
If a conversation about secure email makes sense for your business, give us a call, chat or email anytime. We're always here. 24/7/365.
www.GreenviewData.com | 800-458-3348 | 734-426-7500
Note: Third party marks are the property of their respective owners. No endorsement by third parties is implied and none should be inferred.