ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Beware of the new Phishing Attack Which Uses Google Forms; Here's how the Tactic Works

BazaCall phishing scammers are stepping up their game by incorporating Google Forms into their deceptive campaigns. Evolving their tactics, they exploit false urgency and use dynamic URLs, making it challenging for traditional security measures to detect.
PUBLISHED DEC 31, 2023
The Google logo is projected onto a man on | Getty Images | Photo by Leon Neal
The Google logo is projected onto a man on | Getty Images | Photo by Leon Neal
The image of the Google logo is reflected on the eye of a young man | Getty Images | Photo by Leon Neal
The image of the Google logo is reflected on the eye of a young man | Getty Images | Photo by Leon Neal

Google and the services it offers from mail to documents to online forms as well as drive, have become integral parts of life for people working online. But this digital exposure and credibility that the tech giant offers, can also be exploited to fool unsuspecting victims. In a concerning development, the notorious BazaCall phishing scammers are adopting new tactics to enhance the authenticity of their malicious campaigns. Security experts have detected a shift in their modus operandi, with the threat actors now leveraging Google Forms to add a layer of credibility to their deceptive schemes.

The BazaCall phishing attacks, initially observed in 2020, have become more sophisticated with time. In these attacks, cybercriminals send emails disguised as legitimate subscription notices, prompting recipients to contact a so-called support desk urgently. The ruse is to dispute or cancel a fictitious plan, with potential charges ranging from $50 to $500.

To manipulate victims, the attackers induce a sense of urgency, urging targets to engage in a phone call. During this call, scammers convince victims to grant remote access using desktop software, claiming to assist in canceling the alleged subscription. Popular services like Netflix, Hulu, Disney+, Masterclass, McAfee, Norton, and GeekSquad are often impersonated to lure unsuspecting victims.

In the latest variant of BazaCall attacks, cybersecurity firm Abnormal Security has identified the use of Google Forms as a tool to collect details related to fake subscriptions. The attackers cleverly enable response receipts in the form, sending copies of the responses to the victim's email. This manipulation is designed to make the responses appear as payment confirmations for legitimate services, such as Norton Antivirus.

Sitting in front of computer terminals, young people send and receive e-mail at an internet cafe | Getty Images | Photo by Robert Nickelsberg
Sitting in front of computer terminals, young people send and receive e-mail at an internet cafe | Getty Images | Photo by Robert Nickelsberg

The choice of Google Forms introduces an additional layer of cunning, as responses originate from the trusted domain "forms-receipts-noreply@google.com." This tactic increases the likelihood of bypassing secure email gateways, enhancing the phishing campaign's effectiveness. Moreover, Google Forms' use of dynamically generated URLs makes it challenging for traditional security measures to detect and block threats, as these URLs constantly change.

The adoption of Google Forms by BazaCall scammers showcases their adaptability and willingness to exploit trusted platforms. This evolution in tactics, combined with the use of dynamic URLs, poses a significant challenge to conventional security measures. As threat actors continue to refine their methods, organizations and individuals must stay vigilant against phishing attempts to safeguard their sensitive information.

BazaCall's incorporation of Google Forms into their phishing attacks highlights the ever-changing landscape of cybercrime. The blending of social engineering tactics with trusted platforms highlights the need for continuous cybersecurity awareness and advanced threat detection measures. As the threat landscape evolves, security experts emphasize the importance of staying informed and adopting proactive security measures to mitigate the risk of falling victim to such deceptive schemes.

MORE ON MARKET REALIST
While the player, Kristin Cook was happy to take home over $26,000, fans were disappointed.
10 hours ago
The contestant, Erwin Paminiano, was stumped by the Bonus Round puzzle, but took the loss in stride.
12 hours ago
The host put his arm around the player, Daryl, and said he was 'shocked' when he got the correct answer.
13 hours ago
Once again, Ken Jennings proved that players can have a lot of fun on the serious game show.
1 day ago
While Harvey was expecting to hear some funny responses, the ladies blew his mind with their powerful answers.
1 day ago
The player, Clint Ingalls' disastrous choice of letters gave him no chance in the end.
2 days ago
The show's expert, Alan Fausel, was astonished by the fabulous Richard Cosway drawing.
2 days ago
The high school teacher could barely contain her excitement after cracking the Bonus Round puzzle.
2 days ago
The founders of Vade Nutrition couldn't the refuse the offer from Mark Cuban and Alex Rodriguez.
3 days ago
The creator claimed that the Costco avocado didn't feel or taste real, especially when compared to a ripe, organic one.
3 days ago
The player, Kenneth Blount-Hames, was stumped by a simple, everyday phrase in the final round.
3 days ago
The painting had been with the guest for 30 years, and she was curious about it.
4 days ago
It was hard for Harvey to digest what he was hearing from the senior players.
4 days ago
The best friends, Hanna Chung and Laura Tarpley, got tricked by just one word in the end.
5 days ago
The player, Shannon Hunt got the host excited before missing the puzzle by a few letters.
5 days ago
The founder of Hairfin managed to make it through the heckling to get a deal.
5 days ago
The player, Jeff Richardson put up a stunning performance to drive home a new car.
6 days ago
Since Kevin O'Leary made the offer just to mess with Corcoran, the deal hit the Shark where it hurts.
6 days ago
Harrison chose to pass on the most important item of the collection for a strange reason.
6 days ago
The contestant, Alexa Kalanz was doing well throughout the game despite a rough start.
6 days ago