What you’re up against here is social engineering – the biggest threat anywhere. The firewalls and the spam filters are all engineered to operate within a particular set of rules, and to filter out things that fit x, y, and z criteria. Presumably, anything that does not fit such criteria is a legitimate email message – which is exactly how regular emails get through such barriers.
Hackers are not stupid. They know what parameters the security technology looks for – and specifically write their emails and such so as to not trigger such technology.
At that point, a vulnerability has not been created. The vulnerability has been created, once the user has been conned into clicking on the link, and entering their login credentials. This vulnerability would be the same regardless of whether it was sent from an outside device, masquerading as a company user, or if the actual person’s device had been hijacked, effectively having been sent from that actual person.
This is where best practices come into play. Instead of relying strictly on the technology, it is best to train employees to exchange documents on Google drive by sharing, and accessing it THROUGH Google Drive, by logging in themselves, and going to documents that are “shared with me”. Relying on a link may offer a more convenient route to the document, but the risk it poses is much too great.