Security News > 2023 > December > BazarCall attacks abuse Google Forms to legitimize phishing emails
A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation to security software, computer support, streaming platforms, and other well-known brands.
Email security firm Abnormal reports that it has encountered a new variant of the BazarCall attack, which now abuses Google Forms.
Google Forms is a free online tool that allows users to create custom forms and quizzes, integrate them on sites, share them with others, etc.
As Google Forms is a legitimate service, email security tools will not flag or block the phishing email, so delivery to the intended recipients is guaranteed.
Google shares "Fix" for deleted Google Drive files.
News URL
Related news
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- European companies hit with effective DocuSign-themed phishing emails (source)
- Scams Based on Fake Google Emails (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Phishing Emails Targeting Australian Firms Rise by 30% in 2024 (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)