An email notification created by the scam, which also comes from Google, also contains a potentially malicious link. If tapped, the notification takes you directly to a document that contains a very large, tempting link.
On mobile, the scam uses the collaboration feature in Google Drive to generate a push notification inviting people to collaborate on a document. The smartest part of the scam is that the emails and notifications it generates come directly from Google. The scam itself is nothing new – messages asking you to click on dodgy links are as old as the internet itself – but could catch a lot of people off guard. A flaw in the Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites. Scammers just found a new phishing lure to play with: Google Drive.
