Security News > 2020 > November > Google Forms Abused to Phish AT&T Credentials

Google Forms Abused to Phish AT&T Credentials
2020-11-04 21:48

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.

"All of the Google Forms were removed by Google after we reported it to them."

There are two red flags that pop up when a user is presented with a Google Form phishing page - first of all, though the impersonated brand is used, the forms can look strange and not like the legitimate page.

Second of all, Google Forms state automatically at the base of each form "Never submit password via Google forms." However, this is evidentially ignored by many victims, said researchers.


News URL

https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411