Cybercriminals abuse Google services to send spam, phishing links

July 11, 2019 - 17:59
Online fraudsters have learned to exploit the convenience of Google services to send spam or worse, according to Kaspersky, a global cybersecurity company.

 

Spammers have learned to take advantage of the convenience of Google services to send spam messages. — Photo courtesy of Isobar Agency

HCM CITY —  Online fraudsters have learned to exploit the convenience of Google services to send spam or worse, according to Kaspersky, a global cybersecurity company.

Google is not only a search tool but also offers multiple services used by billions of people every day, including Gmail, Calendar, Google Drive, Google Photos, Google Translate and others, all of which are connected, Kaspersky noted in a report released on Wednesday.

The spammers' main task is to bypass the spam filter and deliver e-mail to users’ inboxes. As spam is sent, Google services often send e-mail notifications to Gmail inboxes.

Google’s antispam module, however, avoids flagging notifications from its own services as spam.

In the case of spam sent through Google Calendar, which is designed to let anyone invite user to a meeting, spammers use the location and topic fields to convey details to users.

Usually, the spam includes details consisting of a short text stating that the user is entitled to a cash payment for some reason, accompanied by a link that supposedly lets the user receive it.

This is usually a phishing link from which cybercriminals try to get users’ bank card details (ostensibly to send users the money). Or, they ask for some sort of transfer fee to be paid before the money is sent.

In addition, scammers use Google Photos to share photographs that include comments about sudden large remittances that can be had by replying to the e-mail address supplied in the message.

To the recipient, it appears to be a harmless e-mail from Google Photos with the header “So-and-so shared a photo with you.”  If the victim pays up, the scammers simply vanish.

Google Photos is great for cybercriminals precisely because it allows a picture and text comment to be placed in an e-mail notification with such an innocuous header that it is almost certain to be opened.

Such spam has made its way into other popular Google services, too.

In fairness, Google does a lot to combat spam and keep scammers out. But as Google itself notes, the struggle against spam is never-ending.

To guard against spam distribution through Google and other popular services, users should not open messages or links sent from unknown senders, never accept invitations from strange people, and install a reliable security solution, the report recommended. — VNS

 

 

E-paper