Today Google has over 1.5 billion users. While some use Gmail, others utilize many of their free services for business purposes. These services include Google Photos, Google Calendars, and Google Drive. These free services don't just make it easier for Google's users to share their data across applications, they also create a spamming highway that cybercriminals are beginning to utilize in ways that average users would have never thought.
Scamming attempts start with a simple photo share. Within the photo share, the cybercriminals would place a comment that states something about a large remittance that can be had by replying to the email address supplied in the message. For the recipient, it would look like an ordinary photo share with the header "so-and-so shared a photo with you."
The email address would reply with a scam stating that you need to supply a small deposit to receive a large payout. Those who follow through with the hopes of getting a big payout will be significantly disappointed when they never see their money again. As for the scammers, they just move on to new victims.
Google Calendars allows anyone to invite you to a meeting. This convenience helps users make recurring meetings or one-off phone calls. Scammers have realized this and developed a system to exploit this feature. Scammers send out calendar invites in vast amounts with text that states you are entitled to something of value, whether that be money or some free service, and a link that will let you receive this benefit. Then, once you click through the link, you are redirected to a site that is either a phishing attempt to get bank information or a ransom attempt stating a small deposit is needed to receive the benefit.
Along with these blatant phishing attempts, there is also the potential that the cybercriminal will try and deliver some malware through the same link.
A commonly known fact is that cybercriminals use cloud storage to hide their activities. Couple this with Google Drive, and there is an endless landscape for these criminals to deliver malware, phishing pages, and annoying ads. When these cloud links go out, it is challenging for spam filters to know that they are in fact, spam. The reason the spam folders have a hard time determining if the email is spam is that the links usually have a random set of numbers and letters, and they have a valid google drive address. Keeping this in mind, if you see an email you don't recognize it's best to just delete it without opening.
Google is one of the largest email providers available and this makes them a perfect target for cybercriminals, but there is no need to worry. If you have concerns about cybersecurity and securing your patients Medicus IT can help. We develop unique IT solutions for healthcare practices. Cybersecurity is just one of the many services we provide. For more information and a free network assessment, reach out to us today.