SCAM OF THE WEEK: Hidden Google Drive

To help protect you against malicious links, most email clients have filters that flag suspicious-looking emails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in email filters typically do not recognize that this content is malicious. 

In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.

Don’t fall for this trick! Remember:

  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you think the email could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign email using a Google Drive link.
  • When an email claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.