Using Google Forms Abused to Phishing Attempted


Google Forms Fraud Email Technique to Gather Personal Information

Phishing attacks using google forms

    Evil phishing scams that feign Google Docs requests are sweeping the Internet today, including a decent proportion of companies." Google Forms email scam" refers to a phishing spam campaign, which uses Google Forms to collect user data under pretences.

    The term "spam campaign" defines a mass operation, in which thousands of fraudulent emails are sent. Google Forms is survey administration software, part of the Google Docs Editors suite.

    One of the researchers says that cybercriminals use Google Forms cleverly because they are easy to create and hosted on the Google domain. 

    Cyber Criminals Are Taking Advantage of Google Forms

    Google forms are also used for legitimate reasons and have a good chance of being produced by Google and are not automatically blocked by email filters. They are very easy to produce and have the advantage of hosting on Google domains.

    Different Google forms used in the attacks have been uncovered and sent to victims using social engineering tactics. What makes these cyber-attacks successful is the ability to bypass traditional email security by using Google form URLs. Links that are identified as malicious by the email security gateways are unlikely because the links in those emails direct the user to Google Docs, Google Drive, or other Google services such as Gmail.

    Using Google Forms Reported Phishing Email Samples

    One research company published a report that revealed that fraudsters have used a total of 265 Google Forms to imitate a variety of companies. The researchers identified six campaigns that abused the same email addresses as well as several other forms of communication.

    At the time of research, there were six variations of this phishing email attack scam distributed through the "Google Forms" spam campaign. 

    1. The first email from Pedro Quezada foundation is donating gift money asking to fill in personal details.Reported Email ID: antoniodoruso@gmail.com, pedroquezada008@gmail.com

    Pedro Quezada foundation Fraud Email

    2. The second email from Ms. Kristalina Georgieva asking for details to release International Monetary Fund also provides Watsup number: +1(763)852-9116. Reported Email ID: nationalcourierservice6@gmail.com, internalmonetaryfund1975@gmail.com

    3. Third email Compliments Of The Season have been gifted $1.5 Million United State Dollars in 2020 Donation Funds asking to contact us from Mr.Bernard Arnault. Reported Email ID : baamault023@gmail.com

    4. Forth email from Director Remittance Department Oversea Credit Commission for the speedy release of your long over-due payment. Reported Email ID : infobriandytss@gmail.com,overseapaymentdeptorg@gmail.com,overseapeymentdeptorg@yandex.com

    Remittance Department Oversea Credit Commission Fraud Email

    5. Fifth email from Mr. Geoffrey Mudenzi a senior government official in the Department of Public Works.Reported Email ID: deptowh229@gmail.com, geomela2020@gmail.com

    6. Sixth email regarding Mr.JosephJ.Keller funds out from the Industrial and Commercial Bank of China (ICBC) New York city.Reported Email ID : mrs.dorindalynnqxxxx19@gmail.com,revfathermarkpotman@firemail.at

    Commercial Bank of China Spam Email

    Point to Be Noted 

    • Above all versions contain links to surveys on Google Forms, which ask users to provide personal information.
    • It should be noted that the misleading letters that have proliferated through the "Google Forms" spam campaign are scams and none of the information they contain is true. Therefore, all data revealed.
    • Both versions contain links to surveys on Google Forms, which ask users to provide personal information. It should be noted that the misleading letters that have proliferated through the "Google Forms" spam campaign are scams.

    Best Way to Prevent Get Effect from Cyber Attack

    • The phishing attempt is most likely successful because Google displays the password you never entered in Google Forms next to the submit button. This condition is ignored by many victims, but it is important to note: Never enter a password on a Google form. Google claims that the form contains a warning not to enter passwords or account details in Google forms. The phishing page is hosted at the same time as the email and asks you for your email address, phone number, address, and credit card number.

    • Never clicking on mysterious, unwanted attachments is a very good tactic to avoid falling victim to, but phishing emails aimed at spreading malware are often sent as blank messages with attachment. There are several ways to prevent these emails by protecting your children, parents, and grandparents from spam, online scams, and phishing.

    Post a Comment