Security News > 2023 > December > BazarCall attacks abuse Google Forms to legitimize phishing emails
A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation to security software, computer support, streaming platforms, and other well-known brands.
Email security firm Abnormal reports that it has encountered a new variant of the BazarCall attack, which now abuses Google Forms.
Google Forms is a free online tool that allows users to create custom forms and quizzes, integrate them on sites, share them with others, etc.
As Google Forms is a legitimate service, email security tools will not flag or block the phishing email, so delivery to the intended recipients is guaranteed.
Google shares "Fix" for deleted Google Drive files.
News URL
Related news
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Why it's time for phishing prevention to move beyond email (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Google is making sending end-to-end encrypted emails easy (source)