Beware!! Hackers Abuse Google Forms to Conduct Phishing Attacks

Recently, the threat actors have disguised more than 25 various companies, including different brands and government offices. The cybersecurity researchers asserted that the threat actors could perform any possible way to convince that they are legitimate. 

In this incident, the hackers have used 265 Google Forms in an attempt to steal user passwords and credentials.

The researchers also noticed that cybercriminals mistreat the trust people they have in the google.com domain to attract them into delivering their password and login credentials through a genuine-looking Google Form.

Targeted companies

According to the report that has been given by the researchers, there are more than 70 percent of the sites that have been targeted by AT&T. And here we have provided the full list of targeted companies, brands, and government agencies below:-

  • AOL (America Online)
  • AT&T
  • Binance
  • BT Group (British Telecommunications)
  • Capital One
  • Citibank
  • European Union – Foreign Direct Investments
  • GESupplier.com
  • Google Docs
  • IRS (Internal Revenue Service)
  • Mexican Government
  • Microsoft OneDrive
  • Microsoft Outlook
  • Oca Card
  • OneDrive
  • Office 365
  • Pôle Emploi
  • SBC
  • Sir
  • Sky – TATA
  • Swisscom
  • T-Mobile
  • Trust Wallet
  • Web.de
  • Wells Fargo
  • Yahoo
  • Zimbra

Google Form Phishing

Google Forms is a review administration app included in the Google Docs Office Suite and Classroom simultaneously with Docs, Sheets, and Slides. 

Google Form for phishing has numerous other advantages:- 

  • The hosting of the domain doesn’t have to be determined by the attacker.
  • Existing under a Google domain bypasses the detection of reputation that are based on phishing detectors.
  • All the phishing detectors which are based on domain antiquity won’t operate on this site.
  • Google Forms also implement a justifiable SSL certificate that means the users that are relying on the “secure” implication of the browsers are easily misled at no cost.
  • Google Forms state automatically at the bottom of each form, “never submit password via Google forms,” but many victims often overlook this.   

Upsurge of Phishing

The researchers stated that the number of phishing websites that are using HTTPS traffic increased from 12 percent in early 2019 to nearly 60 percent now. The rise in price is because of all new phishing techniques that are appearing quite often. 

However, Google Forms are very easy to perform, but at the same time, it arrives with the trust-building benefit of being hosted under the google.com domain. 

The Cybersecurity recognition training guides the users to watch out for all kinds of errors or tricks that can uncover a scam. The researchers also mentioned that most of the time, cybercriminals use the company’s logo and branding to resemble themselves more legitimate.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Leave a Reply