Google Forms Abused to Phish AT&T Credentials

2020-11-04 21:48

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.

"All of the Google Forms were removed by Google after we reported it to them."

There are two red flags that pop up when a user is presented with a Google Form phishing page - first of all, though the impersonated brand is used, the forms can look strange and not like the legitimate page.

Second of all, Google Forms state automatically at the base of each form "Never submit password via Google forms." However, this is evidentially ignored by many victims, said researchers.

News URL

https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/

#at&t #credential #google #phish

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		102	253	4216	4506	727	9702