Security News > 2023 > December > BazarCall attacks abuse Google Forms to legitimize phishing emails
A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation to security software, computer support, streaming platforms, and other well-known brands.
Email security firm Abnormal reports that it has encountered a new variant of the BazarCall attack, which now abuses Google Forms.
Google Forms is a free online tool that allows users to create custom forms and quizzes, integrate them on sites, share them with others, etc.
As Google Forms is a legitimate service, email security tools will not flag or block the phishing email, so delivery to the intended recipients is guaranteed.
Google shares "Fix" for deleted Google Drive files.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google Pay alarms users with accidental ‘new card’ added emails (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Google Scholar has a 'verified email' for Sir Isaac Newton (source)
- Samsung phone users under attack, Google warns (source)