Nonsensical Google Drive Campaign


Thought Leadership

Nonsensical Google Drive Campaign

Bear Huddleston

Last week, spammers were busy sending thousands of emails that were somewhat nonsensical and containing a Google Drive URL. The body of the email also contained several random words and a time stamp.

Curiosity got the best of us, so we decided to find out what this mysterious email was all about. Don't worry, we were careful, we know that know curiosity killed the cat.

Below are two samples of the messages we intercepted.





First, what is a Google Drive link?

Google Drive a personal share link within the Google Drive service. Normally, a person using Google Drive service would use it to share a file or document with another person.

However, a spammer can host a webpage using Google Drive. They can then craft an email with a link to the "webpage," that in turn redirects anyone that clicks on the link to a malicious website outside of Google Drive. This bypass Google's security scan. Finally, the spammer can create many links (or use hijacked gmail accounts) to use for a spam campaign.

In the cases above, the spammer are attempting to redirect anyone that's curious enough to click the link to a pornographic or dating service with an affiliated token. This token generates ad revenue for the attacker. It appears their objective isn't to hijack the target but farm clicks.

If one person clicks on the malicious URL within the email, it could generate $0.01 to $0.02 for the spammer. However, if thousands to hundred of thousands people click on the link, the spammer can make a pretty penny. This is a pretty common tactic to abuse ad revenue services.


Even though this campaign was using Google Drive links to generate profit from clicks, these Google Drive links can redirect you ANYWHERE! As I mention earlier, they can exploit Google Drive service to send you a direct link to a devastating situation. Before you know it, you could have a ransomware on your computer.

I highly recommend reading this article: Don't Let Your Customers Be Ransomware Victims: Four Ways to Protect your Organization From Attack.


Next time you see an email that doesn't quite make sense and contains a URL, think twice before clicking. When in doubt, don't open the email or any link within it.

If you are an AppRiver customer, forward the email to and our 24/7 trained cybersecurity specialists will review the email for your safety.