- Crooks sends personalized Google forms notification emails
- E-mails bypass filters and landing in people’s reception boxes
- State victims can claim crypto if only they pay commission fees
Kaspersky cybersecurity researchers reported that Google Forms is abused in phishing emails targeting cryptocurrency owners.
Google Forms is a free web application that allows users to create surveys, quizs and forms.
Since it is a Google product, all the notifications that it generally manages by e -mail protections and landed in people’s reception boxes – and cybercriminals are now exploiting this fact to try to bring people to pay an nonexistent cryptographic transaction.
False Crypto site
In these attacks, the crooks create a questionnaire with a single location for the email address. They himself submit the address, after which the victim receives a notification of submission by e-mail.
This notification can also be personalized and threat actors create it to look like a notification from a cryptographic transaction service. The email indicates that the recipient has a pending payment which must be finalized before it “expires”.
Click on the link provided in the email sends the victim to a false crypto exchange site, where they must contact the “support” and make a “commission” payment to receive the transfer.
Obviously, there is no support, no commission and no transfer – the money they give goes directly to the crooks and is lost forever.
“This campaign demonstrates a cunning exploitation of a trusted platform and widely used to provide scam attacks against cryptocurrency users,” said Andrey Kovtun, director of the threat protection group by e-mail at Kaspersky.
“By making confirmation emails of fraudulent submission which imitate the legitimate notifications of crypto exchanges, the attackers used the credibility of the platform to bypass messaging filters, as well as the ignorance of the victim with his format to attract them to disclose sensitive portfolio references.
With phishing emails, an old adage is always held – if something seems too good to be true, this is probably the case.
