Google Drive Attacks Leave Users Exposed, And You Can’t Stop Them


Google Drive has long been a core service of the internet search giant, evolving steadily over the years. While Google continues to improve its features, one glaring issue remains unresolved: spam and phishing attacks. Users have little control over unsolicited file shares and continue to be targeted through this method. The growing concern highlights Google's lack of decisive action.
Spam and phishing threats on Google Drive have existed for years, and the problem shows no signs of abating. The challenge lies in the platform’s core functionality, sharing or collaboration, which is also what makes it vulnerable to abuse.
New Google Drive Spam Campaign Is Active
Recently, my colleague Corinna became a victim of this ongoing issue. She shared how a wave of spam files suddenly appeared out of nowhere in her account, with some even bypassing spam filters and landing directly in her main inbox.
As seen in the screenshot, many of these files arrive in HTML format from various senders, often using email addresses with a pattern of full three-word names. This suggests a coordinated campaign, possibly orchestrated by a single actor or cybercriminal group.
These files typically contain links and use urgency or alarming language to trick recipients into clicking. Upon opening, users are met with broken image previews and random text in various languages, which appear as unstructured and suspicious content.

While clicking the file may not cause immediate harm, it’s believed that attackers use this tactic to confirm which email accounts are active and vulnerable. Once clicked, the sender is notified, potentially flagging the account for future attacks. However, the risk escalates with other file types like PDFs or Excel documents, which may contain links to malicious websites.
The campaign appears especially prominent in Germany, where many users have reported compromised accounts and shared their experiences on Reddit. However, similar reports are emerging from other countries as well, with users receiving unexpected notifications that random people have shared new Google Drive files and folders with their accounts.
Is There a Fix for This Google Drive Spam Problem?
Despite the recurring nature of this threat, Google has yet to implement a robust solution. The platform’s spam filtering system is inconsistent and often fails to block these attacks. While there are no confirmed cases of direct exploitation from these spam files, basic safety measures are strongly recommended.
Users should avoid opening suspicious files and refrain from clicking any embedded links. Google also advises enabling multi-factor authentication and regularly reviewing app permissions in their services and accounts. On Android devices, built-in tools like Chrome’s malicious site detection and Play Store safeguards, such as blocking third-party apps, offer additional protection.
Beyond Google Drive, similar issues are affecting other services like Gmail. Recently, it was confirmed that a group of notorious cyber attackers breached Salesforce’s database, potentially exposing data from up to 2.5 billion users. Google has acknowledged the threat and stated that it has notified affected users.
Have you been affected by the same Google Drive spam or scam file notifications lately? How did it go for you? Share your experience in the comments.