Security News > 2021 > January > Google Forms Set Baseline For Widespread BEC Attacks

This use of Google Forms by cybercriminals is not new and is routinely observed in credential phishing campaigns to bypass email security content filters.

In this attack, the use of Google Forms may also prompt an ongoing dialogue between the email recipient and the attacker - setting them up as a victim for a future BEC trap, researchers say.

Google Forms is a survey administration software that's offered as part of Google's Doc Editors suite.

Attackers have previously leveraged Google services - including Google Forms - in various malicious ways.

One phishing attack in November used Google Forms as a landing page to collect victims' credentials, with the forms masquerading as login pages from more than 25 different companies, brands and government agencies.

Another November campaign used a Google Form and an American Express logo to try and get victims to enter sensitive information.

News URL

https://threatpost.com/google-forms-set-baseline-for-widespread-bec-attacks/163223/