• by Ray Schultz , June 11, 2019

The convenience of Google’s many linked services has opened a door for cyber criminals to send spam — “or worse,” Kaspersky reports.  

One vehicle for delivering malicious messages is Google Calendar. “Anyone can schedule a meeting with you,” Forbes writes. Calendar invites, of course, are not flagged as spam.

The goal of this maneuver?

“Spammers use the location and topic fields to convey the details to you,” Kaspersky writes. “Usually, their spam details consist of a short bit of text stating that you are entitled to a cash payment for some reason, and a link that supposedly lets you receive it.”

Intended victims can avoid harm by not clicking on attachments. 

Likewise, spammers can send messages via Google Photos. 

“Scammers use Google Photos to share photographs that include comments about sudden large remittances that can be had by replying to the e-mail address supplied in the message,” Kaspersky continues. “For the recipient, it looks like a harmless e-mail from Google Photos with the header “So-and-so shared a photo with you.”

In addition, cyber felons use “Google’s versatile tool for creating forms and polls to harvest personal user data and send unsolicited commercial offers."

Google Storage is yet “another repository of spam resources. These include links with redirects to fake landing pages and various images for use in spam mailings.” And Google Analytics has also been infiltrated by spam in some instances.

Analytics allows this file to be accompanied by text and a link, a fact exploited by cybercriminals. Here they can target business users, since these services are actively used by website owners.

Kaspersky urges Gmail users to take these precautions:

- Do not open messages from unknown senders.

- Never accept invitations from people you don’t know.

- Do not tap or click links in messages you weren’t expecting.

- Install a reliable security solution with an antis-pam module to filter out at least some of the spam that wriggles through Google’s filter.

UPDATE:

A Google spokesperson issued this statement  “Google’s Terms of Service and product policies prohibit the spreading of malicious content on our services, and we work diligently to prevent and proactively address abuse. Combating spam is a never-ending battle, and while we've made great progress, sometimes spam gets through. We remain deeply committed to protecting all of our users from spam: we scan content on Photos for spam and provide users the ability to report spam in Calendar, Forms, Google Drive, and Google Photos, as well as block spammers from contacting them on Hangouts. In addition, we offer security protections for users by warning them of known malicious URLs via Google Chrome's Safe Browsing filters.”