Google Forms Abused to Phish AT&T Credentials

silversurfer

Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims’ credentials. The forms masquerade as login pages from more than 25 different companies, brands and government agencies.

So far, 265 different Google Forms used in these attacks have been uncovered, which are likely sent to victims via email (using social engineering tactics). More than 70 percent of these forms purported to be from AT&T. However, other big brands – including financial orgs like Citibank and Capital One, collaboration apps like Microsoft OneDrive and Outlook, and government agencies like the Internal Revenue Service (IRS) and even the Mexican government – were also seen (a full list of impersonated brands is available here).

“According to our findings, the links remained active for several months after being added to public phishing databases,” according to Zimperium researchers in a Tuesday analysis. “All of the Google Forms were removed by Google after we reported it to them.”

Google Forms is a survey administration app – utilized for quizzes, RSVPs and otherwise – that is part of Google’s Docs Office Suite and Classroom. Many of the phishing Google Forms – like the AT&T form below – utilize the company’s brand, and tell users to “sign in” with their email and password, then to click “submit.”

Researchers said that cybercriminals’ use of Google Forms is clever from a phishing perspective, as they are easy to create and are hosted under the Google domain. The Google domain host gives victims the false sense that they are legitimate and avoids phishing detection tactics.
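Because the hosting domain carries no signal here, a mail filter has to look at what the form asks for. The sketch below is an added example, not code from the post or from Zimperium: it flags messages that link to a Google Form while pairing a brand name with credential wording. The brand list is taken from the article; the `forms.gle` short-link host, the keyword pattern, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Brands named in the report; extend with your own organisation's names.
BRANDS = ("at&t", "citibank", "capital one", "onedrive", "outlook", "irs")
BRAND_RE = re.compile(
    r"(?<!\w)(" + "|".join(re.escape(b) for b in BRANDS) + r")(?!\w)", re.I)
# Wording that asks for a secret; a survey or RSVP has no reason to use it.
CREDENTIAL_RE = re.compile(r"\b(password|passcode|sign[ -]?in|log[ -]?in)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>)]+", re.I)


def is_google_form(url):
    """True when the URL points at a form hosted on Google Forms."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if host == "forms.gle":  # assumed short-link host for shared forms
        return True
    # Exact host match, so look-alike hosts with a Google prefix do not pass.
    return host == "docs.google.com" and parts.path.startswith("/forms/")


def score_message(body, form_text=""):
    """Return (verdict, reasons) for an e-mail body plus optional form text."""
    forms = [u for u in URL_RE.findall(body) if is_google_form(u)]
    if not forms:
        return "ignore", []
    text = body + "\n" + form_text
    reasons = ["links to Google Form: " + forms[0]]
    brand = BRAND_RE.search(text)
    asks = CREDENTIAL_RE.search(text)
    if brand:
        reasons.append("mentions brand: " + brand.group(1).lower())
    if asks:
        reasons.append("credential wording: " + asks.group(1).lower())
    if brand and asks:
        return "block", reasons
    return ("review" if (brand or asks) else "allow"), reasons


# Constructed sample messages (not taken from the reported campaign).
PHISH = ("Your AT&T account is on hold. Sign in here: "
         "https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform")
SURVEY = ("Please RSVP for the team lunch: "
          "https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform")
OTHER = "Quarterly report: https://docs.google.com/document/d/EXAMPLE/edit"

if __name__ == "__main__":
    for sample in (PHISH, SURVEY, OTHER):
        print(score_message(sample, "Email Password Submit" if sample is PHISH else ""))
```
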