Security News > 2020 > November > Google Forms Abused to Phish AT&T Credentials
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.
Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.
"All of the Google Forms were removed by Google after we reported it to them."
There are two red flags that pop up when a user is presented with a Google Form phishing page - first of all, though the impersonated brand is used, the forms can look strange and not like the legitimate page.
Second of all, Google Forms state automatically at the base of each form "Never submit password via Google forms." However, this is evidentially ignored by many victims, said researchers.
News URL
https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/