Scammers will do anything to get you to click, and that doesn’t mean simply invading your email, but now your online backup drive from Google, too.
Criminals are out to get your money, identity, and clicks, and they’ll do it through whatever means they can. It might be something traditional, such as an email meant to lure you to click, or it could be something more complicated like a calendar entry that mysteriously appears and clogs up your schedule with links.
Scammers are getting better at hitting the services we use, and that last one — the calendar scam — has become so frequent, you can almost bet on receiving one every month or two if you’re someone who relies on Google Calendar, which tends to process the spam calendar invites on email without you even realising it.
But it’s not the only way scammers are trying to use Google’s tools and services against users, and appear to have turned to another to get people to click: Google Drive.
The Google Drive PDF scam
This appears to be a new-ish one, and certainly not something we’ve come across directly before.
Simply put, this scam sees a PDF shared to your Google Drive account, sending a notification of the shared file on your phone.
If it comes as a bit of a surprise, your first bet is likely to press on the notification to find the PDF waiting for you.
Since we’ve seen this sort of thing before in the Google Calendar scam, the assortment of Russian or Slavic characters and a random image suggests that it’s a scam PDF, which it seems to be.
From what we can tell, the several we’ve seen thus far are either on get rich quick schemes or inexpensive gadgets, but the goal is always the same: click this link for more information.
Like most scams, you definitely should not click on the link, and should remove the file from your Google Drive account. Removing the share is pretty easy, but it’s also somewhat easy to accidentally find yourself staring down at a dodgy PDF that has been seemingly mistakenly shared with you.
Checking and removing a dodgy PDF from Drive
You’ll know when you’ve received one, because the alert that there’s a new shared file in your Drive will pop up as an alert if you have Google Drive installed. Since that’s every Android phone, that essentially means any Android user should see the alert, and possibly some iOS users who have Google Drive installed, too.
Unfortunately, if you try to head to Google Drive’s location from the Android drop down bar, you’ll be transported instead to the file, which isn’t dangerous in this case, more just a passing annoyance. There doesn’t seem to be an active viral payload this scam; rather, it’s just a PDF with links.
You can clearly ignore it, and even if you don’t remove it yourself, Google will eventually remove it for you, we found, thanks in part to some of the features the search giant and services provider appears to be building into its tools.
“We continue to roll out updates to our spam, abuse, and blocking features to prevent such activity from taking place on Drive. Users who are experiencing similar issues can report files as spam without having to view them,” said a Google spokesperson.
With the news that the file won’t really do anything, clicking and removing the scam PDF is pretty easy, even if it is a bit of a hassle. In removing one, you may actually found more have been shared to the same Google Drive account, as this happens in the background. However once you’ve removed one, you can largely expect the others to disappear, if not by Google’s automated systems, then by you removing them out of sheer frustration.
How to prevent the Google Drive PDF scam from happening
Right now, there doesn’t appear to be a way to stop the Google Drive PDF scam from actually affecting you. The email shares going out are likely from collected email addresses from around the web, and so are going out to anyone and everyone a scammer want to try and land a win with.
That means that if you do get one, you’re not infected by anything, and have just been sent something the scammer wants you to click on. Remove the file from your account and you’ll be fine. Google will keep working on its technology to prevent this sort of thing from happening in the first place, and you can keep on keepin’ on as you normally do.
Know what you’re going to click on
However the point to avoid getting caught my scams on the whole is to know what you’re clicking on, and to not just click a link solely because you received the link online.
Whether you’re seeing links in email, on calendar, on a messaging system or social network, or even through a randomly shared document that mysteriously appears in your online file storage, be aware of what links you’re clicking on and if you should be in the first place. Not every link is going to be nice to you, and the last thing you’ll want to do is fall down a rabbit hole of “will I, won’t I get scammed”.