Scammers are abusing a Google Drive feature to send phishing links in automated email notifications from Google. Utilizing the “collaborate” option on Google Drive, the platform is sending notifications directly from Google adding a layer of legitimacy to the email or notification. On mobile devices that have Google Drive, users are receiving a push notification directly inviting the potential victim to interact with the Google Document. Once clicked, they are presented with a very large link to click leading them to a malicious URL.
Fortunately, the current campaign appears to be poorly written and generally should make users suspicious. At this time, Google is unable to act as the collaboration invites are coming from Google email accounts that are easy for attackers to create as malicious ones get flagged.
In organizations where employees collaborate on Google products, it is especially important to review emails and invitations for legitimacy before interacting, as it is possible for more talented threat actors to take advantage of this tactic. Users should be extremely cautious when receiving invitations to collaborate from unknown accounts and should verify received invitations with their organization for legitimacy.