Report: Critical security vulnerabilities in Android and iOS apps
infosec

Report: Critical security vulnerabilities in Android and iOS apps

Most tests on iOS and Android apps show that the most common security issue faced by apps for ...
Read More
infosec

TripAdvisor: Cancels broken members' passwords

Making attacks through the theft of credentials by hackers is a very common phenomenon. It is also customary to publish these ...
Read More
infosec

The Pentagon: Does cyber-war start with Iran and why?

The Pentagon: The US government launched a digital strike against an Iranian espionage team, which is responsible for the attacks ...
Read More
infosec

VLC media player: 2 has identified critical vulnerabilities. Update immediately!

VLC media player has two high-risk security flaws in 3.0.6 software versions and earlier that allow hackers to ...
Read More
infosec

Google Calendar spreads phishing links to unsuspecting users

Nowadays, cyber criminals have developed many methods and have discovered various ways to deceive the ...
Read More
Latest Posts

How do spammers use Google services for hacking?

Spammers: Google is not just a search tool, but many services are used by billions of people everyday: gmail, Calendar, Google Drive, Google Photos, Google Translate etc.. and are all integrated with each other. The calendar is linked to Gmail, Gmail to Google Drive, Google Drive to Google Photos, and so on.

It's also very convenient - sign up once and get rid of it. Google does everything for you. The downside is that online fraudsters have learned to take advantage of the convenience of services Google to send spam messages.

Spammers

Spam through Google services: Calendar, Photos, Drive, Storage, Analytics and Forms

The main task of the spammer is to bypass the spam filter and deliver e-mail to your inbox. As is the case, Google services often send notifications to Gmail inboxes and the Gmail inbox antispam Google does not reject its own notifications. With that in mind, let's look at what spam services Google uses and how spammers use it.

  • Spam to Google Calendar

Of course, if someone uses Google Calendar to arrange a meeting with you, you will receive notifications.

Because Google Calendar is designed to invite someone to a meeting, both Calendar and Gmail (which receives the notification), it is perfectly reasonable to work together.

Spammers use the location and subject fields to transfer the details to you. Usually, their spam items consist of a small piece of text stating that you are entitled to a payment in cash for some reason and a link that is supposed to allow you to receive it.

After that, the process most you know - whether it's about phishing email from which hackers try to get your bank card details or they ask for some kind of transfer fee to be paid before sending the money.

Attackers are also experienced in using Google Calendar to create false polls for which reward is offered. And nothing prevents them from using the same a loophole for distributing other types of spam or phishing as well malware.

  • Spam to Google Photos

Hackers use Google Photos to share photos that include reviews of large remittances that can be obtained by responding to the email they are offering. For the recipient, it looks like a harmless email from Google Photos with the header "... shared a photo with you".

A photograph of a non-existent check that with a certain commission will unlock a much larger amount. After the victim has paid, the scammers simply disappear into the ether.

Google

Google Photos is perfect for hackers just because it allows an image and text comment to be placed in an email notification with such a harmless header that is almost certain to open.

  • Spam to Google Forms

Fraudsters are actively using the Google tool to create forms and polls to collect user personal data and send unsolicited commercial offers.

Data collection forms that seemed convincing made Google Forms dear to phishers. Victims are required to fill in forms with personal data, card details,

  • Spam on Google Drive and Google Storage

Quarterly spam and phishing reports repeatedly warn users that the cyber criminals have long been using it cloud storage to hide their illegal content. Besides, it is extremely difficult for them spam filters to determine if an email is false based on a unique link inside it consisting of a random set of symbols.

Google

In this way, almost anything can be delivered to the recipient, including malware, phishing pages with data collection forms and embarrassing ads. Most of the time, such links show text files, spreadsheets, presentations, with a more detailed description and new links to the "final product".

Google

Google Storage is another junk e-mail repository. It involves links with redirects to fake landing pages and various images for use in spam messages.

  • Spam to Google Analytics

We also encounter such forms of spam in other popular Google services. These include Google Hangouts and even notifications from Google Ads and Google Analytics. In the latter case, users receive a message with an attached PDF report for an unknown site.

Analytics allows this file to be accompanied by text and link, which is exploited by cybercriminals. Here you can target business users as these services are actively used by site owners.

Spammers

How to avoid spreading spam through Gogle and other popular services.

Unfortunately, there is no drug against such a form of spam. The required settings depend on the service and if you restrict some, in most cases, usability will be reduced.

For example, in the Google Calendar, it is possible to disable the automatic addition of events until the invitations are accepted, but this also affects the events that are of real interest. However, the spam in this tool is probably the most annoying, so it makes sense to risk it.

To be fair, we have to say that Google does a lot to fight spam and keep hackers away. But the fight against spam never ends.

The most important thing is to be careful.

  1. Do not open messages from unknown senders.
  2. Never accept invitations from people you do not know.
  3. Do not touch or click on links to messages you do not expect.
  4. Install a trusted backup solution with a backup drive to filter at least some of the unwanted messages sent through the Google filter.

Source: kaspersky.com

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *