Security News > 2021 > April > Google Forms and Telegram abused to collect phished credentials
Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots.
Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.
Analyzing phishing kits over the past year, researchers at cybersecurity company Group-IB noticed that more of these tools allow collecting stolen user data using Google Forms and Telegram.
Sending stolen data collected from a phishing site to Google Form is done through a POST request to an online form whose link is embedded in the phishing kit.
Another trend the researchers observed was that the authors of phishing kits were double-dipping to increase their profits by adding code that copies the stream of stolen data to their network host.
Yaroslav Kargalev, Deputy Director of Group-IB's incident response team says that scammers today use automation to replace blocked phishing pages quicker.