Spammers: Google is not just a search tool, but many services are used by billions of people everyday: gmail, Calendar, Google Drive, Google Photos, Google Translate etc.. and are all integrated with each other. The calendar is linked to Gmail, Gmail to Google Drive, Google Drive to Google Photos, and so on.
It's also very convenient - sign up once and get rid of it. Google does everything for you. The downside is that online fraudsters have learned to take advantage of the convenience of services Google to send spam messages.
Spam through Google services: Calendar, Photos, Drive, Storage, Analytics and Forms
The main task of the spammer is to bypass the spam filter and deliver e-mail to your inbox. As is the case, Google services often send notifications to Gmail inboxes and the Gmail inbox antispam Google does not reject its own notifications. With that in mind, let's look at what spam services Google uses and how spammers use it.
- Spam to Google Calendar
Of course, if someone uses Google Calendar to arrange a meeting with you, you will receive notifications.
Because Google Calendar is designed to invite someone to a meeting, both Calendar and Gmail (which receives the notification), it is perfectly reasonable to work together.
Spammers use the location and subject fields to transfer the details to you. Usually, their spam items consist of a small piece of text stating that you are entitled to a payment in cash for some reason and a link that is supposed to allow you to receive it.
After that, the process most you know - whether it's about phishing email from which hackers try to get your bank card details or they ask for some kind of transfer fee to be paid before sending the money.
Attackers are also experienced in using Google Calendar to create false polls for which reward is offered. And nothing prevents them from using the same a loophole for distributing other types of spam or phishing as well malware.
- Spam to Google Photos
Hackers use Google Photos to share photos that include reviews of large remittances that can be obtained by responding to the email they are offering. For the recipient, it looks like a harmless email from Google Photos with the header "... shared a photo with you".
A photograph of a non-existent check that with a certain commission will unlock a much larger amount. After the victim has paid, the scammers simply disappear into the ether.
Google Photos is perfect for hackers just because it allows an image and text comment to be placed in an email notification with such a harmless header that is almost certain to open.
- Spam to Google Forms
Fraudsters are actively using the Google tool to create forms and polls to collect user personal data and send unsolicited commercial offers.
Data collection forms that seemed convincing made Google Forms dear to phishers. Victims are required to fill in forms with personal data, card details,
- Spam on Google Drive and Google Storage
Quarterly spam and phishing reports repeatedly warn users that the cyber criminals have long been using it cloud storage to hide their illegal content. Besides, it is extremely difficult for them spam filters to determine if an email is false based on a unique link inside it consisting of a random set of symbols.
In this way, almost anything can be delivered to the recipient, including malware, phishing pages with data collection forms and embarrassing ads. Most of the time, such links show text files, spreadsheets, presentations, with a more detailed description and new links to the "final product".
Google Storage is another junk e-mail repository. It involves links with redirects to fake landing pages and various images for use in spam messages.
- Spam to Google Analytics
We also encounter such forms of spam in other popular Google services. These include Google Hangouts and even notifications from Google Ads and Google Analytics. In the latter case, users receive a message with an attached PDF report for an unknown site.
Analytics allows this file to be accompanied by text and link, which is exploited by cybercriminals. Here you can target business users as these services are actively used by site owners.
How to avoid spreading spam through Gogle and other popular services.
Unfortunately, there is no drug against such a form of spam. The required settings depend on the service and if you restrict some, in most cases, usability will be reduced.
For example, in the Google Calendar, it is possible to disable the automatic addition of events until the invitations are accepted, but this also affects the events that are of real interest. However, the spam in this tool is probably the most annoying, so it makes sense to risk it.
To be fair, we have to say that Google does a lot to fight spam and keep hackers away. But the fight against spam never ends.
The most important thing is to be careful.
- Do not open messages from unknown senders.
- Never accept invitations from people you do not know.
- Do not touch or click on links to messages you do not expect.
- Install a trusted backup solution with a backup drive to filter at least some of the unwanted messages sent through the Google filter.