If someone with a Google account received a link to a file on Google Drive that they don’t have access to, they wouldn’t be able to open it. If they click the link they’ll be brought to a page that says “You need permission” and instructs them to click a blue button that says “Request Access” on it. If they request access, the owner of the document will receive an email like this, with a blue button in it, prompting them to “Open sharing settings” in order to provide that access to the requester:
There are a couple of reasons why this could be dangerous. First, it opens up the possibility that a document owner could, in a moment of distraction or haste, accidentally approve someone who shouldn’t have access. Second, if someone is regularly receiving emails like this one, where they are prompted to click a button, it increases their chances of getting phished. It’s trivial for a malicious actor with average skills to craft an email that looks like it’s coming from someone you know, or Google itself. They could even make an email that looks like this, but that contains a malicious link, instead of a link to the real document. If the recipient of the email is not in the habit of receiving or clicking on emails that look like this, they are much more likely to regard an email like this with suspicion, than to click a button that hides a malicious link.
For these reasons, we recommend only sharing a Google file by going to Google Drive first, opening it, and changing the sharing settings from inside the file. If you use Slack, you can set up the Google Drive app to share and manage requests for access to documents, right in your Slack workspace. You can also set your filters in your Gmail, to keep you from seeing these types of email requests. One important thing to remember, when you set up filters, is to ensure that folks who may make legitimate requests to access the document know how to reach you via an alternative to email.