Beware of malicious files in your Shared with Me folder – 02/05/2024
How attackers are using Google Drive
Google Drive is a wonderful tool that allows you to collaborate with colleagues and share information easily. All you need is someone’s email address and the file you share shows up in their Shared with me folder. Easy peasy, lemon squeezy. Unfortunately you are not the only one taking advantage of this. Scammers too love the easy way they can deliver malicious documents directly into your Shared with me folder.
Some attackers like to send an email notification, thinking their email is clever enough to direct you to the document. Others are less confident of their composition skills and skip the email, hoping you will stumble upon the malicious document the next time you cruise through your Shared with me folder. The expecation is once the document is discovered, curiosity will drive you to open it.
The good news is Google scans all shared documents so if you do open it, nothing bad will happen. However the danger is not in opening the document. The danger is in what the document contains … malicious links. Those link take you to a Google form or a malicious website that harvests login credentials or loads malware onto your machine. One click and your computer can be compromised.
How to protect yourself
If you stumble upon a document you don’t recognize in your Shared with me folder, right click it and choose File information>Details. Scroll down until you find the name of the creator. If they are a MRU colleague, email them using their MRU email address and ask for more details about the document.
If they are outside of MRU and you have their phone number, call them and ask about the document. If you don’t know them, consider the document malicious. Drag the file to your Google Drive Spam folder (yes you have one). A dialog box will appear asking you why you are reporting the file and giving you the option to block further document shares from that email address. Make your selections and click the Report button. It won’t prevent the attacker from creating another email address and sharing another document, but it gives Google information it can use to stop similar document shares in the future.