There are about a million scams out there, and I promise you that no matter how hip and with it you think you are, you’ll fall for at least a few of them.

Read the fine print. Check the sender’s actual email address. Check the body of the email for spelling, and don’t buy anything people are selling with cold phone calls.

But what about what’s happening lately on Google Drive?

Image Credit: Pexels

If you don’t know what I’m talking about, that’s ok – I’m about to tell you.

Scammers are exploiting a flaw in Drive that sends out emails and push notifications from Google. If you open it, you end up on malicious websites.

The scam itself is nothing new, but the fact that the emails and notifications actually come from Google makes it seem more legitimate. Google’s spam filters are also fooled, which means it will land in your Inbox not in your Spam folder, which also encourages people to click.

Add the sender being Google, and the scammers are having quite a bit of success.

Image Credit: Pexels

Drive is ripe for scamming, because it wants you to know when someone has mentioned you in a comment – colleagues asking you to check in on a project or presentation, things like that. It’s easy to get a malicious link in front of a potential victim.

The scammers appear to be working their way through a giant list of Gmail accounts, as tons of people are reporting similar versions of the same type of attack in recent weeks. A spokesperson from Google says there are security measures in place to detect new types of spam attacks, but none of them are ever 100% effective.

Image Credit: Hoax Slayer

Advises David Emm, principal security researcher at cybersecurity firm Kaspersky,

“It’s difficult for Google to do anything if the notification is coming from a legitimate account, which is, of course, easy to create.

Avoid clicking on unsolicited links of any kind when sent from unknown sources.

If you weren’t expecting to receive it and don’t know the sender, don’t respond.”

You can report suspicious emails and other suspicious activity you receive directly to Google, and in the meantime, it’s better to be safe than sorry.

Assume the worst, people, and protect yourself out there.