Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why am I getting Google Drive notifications about strangers' documents?
57 points by l0b0 9 days ago | hide | past | favorite | 21 comments
Google Drive keeps popping up messages like this:

> [redacted]@gmail.com "Mentioned you in [Russian-looking document name]"

What gives? Why on Earth would I be notified of documents mentioning me? And how do they know it's me? Is it basically any document containing my email address or something? This seems such an obvious phishing/trojan attempt that I've not clicked on any of them.

It's a common issue google are refusing to solve for some reason - https://support.google.com/drive/thread/6434357

When you read stuff like: "[...] I got the exact same porn spam in Google Drive yesterday [...]" it seriously makes you wonder why on earth Google wouldn't care about that kind of harrasement happening on their platform.

I also wonder what would happen if one would start spamming Sundar Pichai's Google Drive like that...

I'd be surprised if he had a publicly exposed mailbox. Most likely it would just add more work for some assistant triaging his inbox.

"This question is locked and replying has been disabled."


Yikes, 600+ upvotes and no response? There must be thousands of users frothing at the mouth by now.

Workaround: terminate and disable Google Drive.

For those comfortable with either self hosting or paying, Nextcloud is a good alternative.

This is spam, they are just spraying the equivalent of calendar invites

Yep, adding random invites by email to the document in hopes someone reads it. Spam over google drive instead of email basically.

I don't use Google Drive, so perhaps a naive question:

If someone clicks on the link, is/are the author(s) of the document able to see who the reader is? If so this seems like a huge vector to increase the spammers 'signal' ratio to target specific individuals (people that click through stuff and their potential interests - finance, porn, gardening, who knows).

They can if you are signed in using the same Google Account that was invited to the document

Wow. Most potential targets, perhaps not an average HN reader, would stay logged in because of the convenience of accessing GMail and/or YouTube, and perhaps other services.

This seems a dangerously effective vector for targetted phishing.

>This seems a dangerously effective vector for targetted phishing.

How is it any different than email phishing?

It's an official email from Google. Gmail will never mark it as spam.

> How is it any different than email phishing?

A Google URL is more trusted.

Yeah it's spam. I clicked through one, it was a one-slide PP with a link going to a phishing site.

I wonder if this is a similar attempt that the calendar event spam we had a few years ago where you'd get calendar invites to random events, with the spam being in the event notes.

Also this from google forms



Lately getting these spam emails via google forms


Reporting as spam doesn't work. the bitly link takes to a .tk domain.

Anyone else facing this ?

You don't have to be using a Gmail account to get them. My FastMail account got these notifications a few days ago, but by the second day the spam filtered had them figured out.

Yep, getting at least one per day now. Horribly annoying. I guess the only solution for now is to totally disable Slides notifications?

I also had these, couldn't read it anyway.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact