Help prevent Drive spam and phishing

One phishing method uses Google Drive's collaboration features to trick people into giving out personal or confidential information. Scammers share Drive documents containing harmful links that ask people to enter information. The links can also appear in Drive's automatic email notifications. Because the email notifications come from Google, users might be tricked into thinking the message contents are legitimate.

Drive tries to detect and block spam and phishing sharing from external users. Google Workspace admins can provide additional protection from this risk by taking these steps:

  1. Limit external sharing with an allowlist or trust rules.
    • Allowlist: First, create a list of trusted domains. Next, choose which internal users are limited to getting file shares only from users in those domains. Finally, allow sharing only with allowlisted domains and uncheck the option to allow users to receive files from outside of allowlisted domains. This approach is supported for all Google Workspace editions. For steps, go to Manage external sharing for your organization.
    • Trust rules: These rules work similarly to the allowlist but give you more granular control. You can manage sharing by internal users and sharing by external users separately. For steps, go to Create and manage trust rules for Drive sharing.
  2. Ensure that all domains on your allowlist require 2-Factor Authentication or use other account security practices. These authentication measures limit the likelihood of compromised accounts being used to send spam.
