The Google Drive Scam and Why We Share Our Info With Strangers

iStock_000009144696SmallIn July, a group of phishers used Google Drive to lure unsuspecting people into offering up their personal information. This month, a similar scam involving the online employment service, Monster.com, surfaced using Google Drive as its front. Isn’t particularly fancy – if you’re a regular reader of this space you’ll know the most effective scams rarely look like the last half hour of “The Sting” or “Ocean’s 11″ – but it has been effective.

The scam works by creating a false job offering for which applicants share their resume in the hopes of scoring an interview. Unfortunately, there is no job. They’re just phishing for data.

The more recent version creates an application on Google Drive, which is shared with the victim, who enters their information manually and often gets malware or spyware in return. The newer version still steals information in the most low-tech way possible: by getting the victim to fall for a lie. But it also includes the high-tech angle of the malware or other malicious scripts, which can scrape the victim’s computer for data in the future.

Google is working to improve its SSL security (a high-tech security protocol whose weakness is the source of this scam), and has been doing so for most of the year. The ugly secret regarding the tech giant in 2015 is that, at the same time they’ve been setting records on Wall Street – including the largest single-day jump in a company’s value in the history of the universe – they’ve had real problems with their technology.

In addition to the weakness of their SSL protocol, they’ve sworn to fix the bugginess and slow speeds of their Chrome browser, which was once the definition of sleek speed. They also were publically called out over the summer for the cataclysmic failure of GMail’s spam filter, which was letting significantly more spam through while also marking legitimate messages for deletion. Those failures, coupled with the unpopular new user interface on several of their iOS products and some bugginess complaints regarding Inbox should leave most readers concerned.

If you can’t trust Google, who can you trust?

More important than this specific scam or Google’s rough 2015 is the larger question the Google Drive scams have raised. We regularly share more information online than would normally be prudent, and we often take for granted that a large company must has security that’s top-notch. We might think back to a customer service issue and assume that a positive experience with one branch of the company reflects positively on the whole operation. But what do we really know? Here’s a quick rundown of things that might scare you:

Think about all of the information on your resume. Does it have your contact info? Your home address? How much information could be gleaned from it, particularly if a scammer were to place that information next to any other information you may not know they have? How many times have you shared your resume online? It may be time to make your resume more secure.

Do you sell on eBay? Buyers can request the listed email and delivery address for sellers once they make a bid. If you list a high-value item and your home address is listed, what’s to stop someone from breaking into your home and stealing it? You’re not using your work email, are you? What’s to stop a buyer from using that address to tell your boss about what you’re selling or raise a complaint about how you handled a transaction?

Are you on a dating website? Hopefully, the Ashley Madison hack was enough to convince you to protect your data and be careful what you share with strangers. Unfortunately, most of the conversation around the hack focused on the tawdry details about the site, suggesting a more traditionally moral site could never be hacked.

Remember, Christian Rudder, the founder of OKCupid, wrote an entire book about how valuable the data you provide them is. His thesis was that he had better data about your behavior than all of the scholars writing about human relationships, because you were honest. In interviews, the founder of Ashley Madison said the same thing: No one will be honest about sex or infidelity, so only they understood us with our guards down. How much is our romantic data worth to scammers?

It’s important to think about what you put online and how you can reveal less of yourself. It’s also important to make sure you protect yourself if your identity or data gets breached. Whether you use a credit and identity monitoring service or free resources — like your free annual credit report, a credit freeze, or one of the no-cost monitoring services available — you need to have a solid plan in case your identity is compromised.  In today’s breach-heavy world, assuming you’re always safe can have serious financial repercussions.

Sources:

Leave a Reply

Your email address will not be published. Required fields are marked *