Phishing Awareness - Google Drive Notification Loophole

It is becoming increasingly more common that scammers are using Google Drive's built in notification system to bypass Google's phishing and spam filters when sending out malicious messages. Essentially what it looks like is a scammer will put together a document that has shady contents and then share the document with potential victims so that an email notification goes through to the target that it was shared with. The reason why this works is that the email technically originates from Google and not the person that shared the document.

To counteract this, Google has added a link that the recipient can click at the bottom of these email notifications to block the email that shared the document. See the example below.

The problem with this solution is that it encourages the recipient to click a link inside of the email and that link could theoretically be spoofed if the email didn't actually originate from Google. Before clicking this link, please hover over it with your cursor and double check, in the bottom left corner, that it actually goes to drive.google.com.

Unfortunately, at this time Google doesn't have a system in place for administrators to block specific accounts from sending drive share notifications to an entire organization. As far as I know, there isn't even an officially supported way to proactively block known scam accounts before they share something.

It's for that reason that I decided to throw together a small web based tool that can be used to proactively block a specific email in Google Drive. Here's a link to it if you'd like to use it. You can start off by blocking susankeddy@orange-elem.org. I also added a link to the tool on the Mojo Helpdesk home page for future reference.