Skip to main content
FDIC-insured. Backed by the full faith and credit of the U.S. Government.

Scam of the Week: Tricky Tags in Google Drive Phishing Attack


Posted on Saturday, December 5, 2020 in Privacy & Security

Phishing emails are often designed to trick you into clicking a malicious link. Most email clients, such as Microsoft Outlook and Gmail, have filters that add warningmessages to emails with suspicious-looking links. Unfortunately, the bad guys are alwys finding new ways to bypass these security filters.

The latest way that scammers snek past your email security is by taking advantage of the collaboration tools available for the Google Drive platform. The platform allows you to tag any user in a file by using their Gmail address. Once tagged, the user will receive a notification directly from Google. This means that if a bad guy tags you in a Google document, you will receive a legitimate notification from Google that includes a link to the bad guy's file. If you view the file, you'll likely find that it directs you to click another link. This second link is actually a malicious attempt to steal your sensitive information.

Don't fall for this trick! Remember:

  • Always be suspicious of emails or notifications from someone you do not know.
  • Neve click on a link within an email that you eren't expecting -even if it came from a legitimate website.
  • If you receive a suspicious email or notification, contact your IT department or follow the speccific procedure for your organization.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team

Back to Top