Security News > 2021 > April > Tax Phish Swims Past Google Workspace Email Security
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building.
According to Armorblox, the campaign also bypasses native Google Workspace email security filters in the victims it examined.
Researchers said that one of the most notable aspects of the campaign is its ability to skirt around email defenses, including native Google Workspace email security.
"The email title, content and context aimed to induce a sense of fear and urgency in the victims. By using tax and deadline-related anxieties that beset the best of us, attackers hope that victims click before they think," researchers explained.
They added, "The email includes a link that says 'Learn about messages protected by Office 365' that leads to a real Microsoft-hosted page with security information. Attackers often include such signifiers in emails to lull victims into a false sense of security."
"If an email does make it into the inbox, then go to the website and call the number to check if it is authentic and do not call the number if provided within the email as, most likely, it is fake also," he advised.
News URL
https://threatpost.com/tax-phish-google-workspace-email-security/165376/
Related news
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Security measures fail to keep up with rising email attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google Pay alarms users with accidental ‘new card’ added emails (source)