Example of a scam using Google Apps Script<\/h2>\n
All the attackers have to do is get the user to click a link. Recently, the most common pretext was a \u201cfull mailbox.\u201d In theory, that seems plausible.<\/p>\n
![\"A](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2021\/07\/27221936\/google-scripts-phishing-letter-1.jpg\")
<\/a>A typical phishing e-mail using a full-mailbox scam<\/p><\/div>\n
In practice, attackers are usually careless and leave signs of fraud that should be obvious even to users who are unfamiliar with real notifications:<\/p>\n
- \n
- The e-mail is apparently from Microsoft Outlook, but the sender\u2019s e-mail address has a foreign domain. A real notification about a full mailbox should come from the internal Exchange server. (Bonus sign: The sender\u2019s name, Microsoft Outlook, is missing a space and uses a zero instead of the letter O.)<\/li>\n
- The link, which appears when the cursor hovers over \u201cFix this in storage settings,\u201d leads to a Google Apps Script site:
\n![\"E-mail](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2021\/07\/27221946\/google-scripts-phishing-address.jpg\")
<\/a>E-mail link to Google Apps Script<\/p><\/div><\/li>\n
- Mailboxes do not suddenly exceed their limits. Outlook starts warning users that space is running out long before they reach the limit. To suddenly exceed it by 850MB would probably mean receiving about that much spam all at once, which is extremely unlikely.\n
In any case, here is an example of a legitimate Outlook notification:<\/p>\n
<\/p>
![\"Legitimate](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2021\/07\/27221952\/google-scripts-phishing-notification.jpg\")
<\/a>Legitimate notification about an almost full mailbox<\/p><\/div><\/li>\n
- The \u201cFix this in storage settings\u201d link redirects to a phishing site. Although in this case, it\u2019s a fairly convincing copy of the login page from Outlook\u2019s Web interface, a look at the browser\u2019s address bar reveals that the page is hosted on a counterfeit website, not in the company\u2019s infrastructure.<\/li>\n<\/ul>\n
How to avoid taking the bait<\/h2>\n
Experience shows that phishing e-mails do not necessarily have to contain phishing links. Therefore, reliable corporate protection must include antiphishing capabilities both at the mail server level<\/a> and on users' computers<\/a>.<\/p>\n
- Mailboxes do not suddenly exceed their limits. Outlook starts warning users that space is running out long before they reach the limit. To suddenly exceed it by 850MB would probably mean receiving about that much spam all at once, which is extremely unlikely.\n