Google Forms exploited in crypto-stealing scam - here's what we know
Forms can bypass email filters, and target victims

- Crooks are sending out customized Google Forms notification emails
- The emails bypass filters and land in people's inboxes
- They state victims can claim crypto if only they pay commission fees
Cybersecurity researchers at Kaspersky have flagged that Google Forms is being abused in phishing emails targeting cryptocurrency owners.
Google Forms is a free web-based application which allows users to create surveys, quizzes, and forms.
Since it is a Google product, any notifications it generates generally bypass email protections and land in people’s inboxes - and cybercriminals are now exploiting this fact to try and get people to pay for a non-existent crypto transaction.
Fake crypto site
In these attacks, crooks create a questionnaire with a single slot for the email address. They submit the address themselves, after which the victim receives an emailed submission notification.
This notification can also be customized, and the threat actors create it to look like a notification from a crypto transaction service. The email says the recipient has a pending payment that needs to be finalized before it “expires”.
Clicking on the link provided in the email sends the victim to a fake crypto exchange site, where they need to contact “support” and make a “commission” payment to receive the transfer.
Obviously, there is no support, no commission, and no transfer - the money they give away goes straight to the scammers and is lost forever.
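For mail defenders, the pattern described above can be triaged on content rather than sender reputation: a Forms receipt that carries payment language and links away from Google. The Python below is an added example, not code from Kaspersky or the article; the sender address, the Google domain list, the lure vocabulary and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the address Forms receipts arrive from; confirm against your own mail logs.
FORMS_SENDER = "forms-receipts-noreply@google.com"
GOOGLE_DOMAINS = ("google.com", "forms.gle", "gstatic.com")
# Lure vocabulary drawn from the article's description; tune for your traffic.
LURE = re.compile(r"\b(pending (?:payment|transfer)|expire[sd]?|commission|withdrawal|btc|crypto|wallet)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_google(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)

def body_text(msg):
    chunks = []
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    msg = message_from_string(raw)
    text = body_text(msg)
    from_forms = parseaddr(msg.get("From", ""))[1].lower() == FORMS_SENDER
    hosts = {urlparse(u).hostname for u in URL.findall(text)}
    external = sorted(h for h in hosts if h and not is_google(h))
    lures = sorted({m.group(0).lower() for m in LURE.finditer(text)})
    # A genuine receipt links back to Google; payment wording plus an off-Google link is the flag.
    return {"from_forms": from_forms, "external_links": external, "lure_terms": lures,
            "suspicious": from_forms and bool(external) and bool(lures)}

# Constructed samples, not real campaign mail.
HEADERS = f"From: Google Forms <{FORMS_SENDER}>\nSubject: Form receipt\n\n"
EDIT = "Edit response: https://docs.google.com/forms/d/e/EXAMPLE/viewform\n"
SCAM = (HEADERS + "You have a pending payment of 1.2 BTC. It expires in 24 hours.\n"
        "Complete the withdrawal: https://payout-desk.example/claim\n" + EDIT)
BENIGN = HEADERS + "Thanks for filling out Team lunch survey.\n" + EDIT

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(name, triage(raw))
```

A hit is a reason to quarantine for review, not proof of fraud, since legitimate form owners can also place external links in their confirmation text.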
“This campaign demonstrates a cunning exploitation of a trusted and widely used platform to deliver scam attacks on cryptocurrency users,” said Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky.
“By crafting fraudulent submission confirmation emails that mimic legitimate notifications from crypto exchanges, attackers used the platform’s credibility to bypass email filters, and also the victim’s unfamiliarity with its format to lure them into divulging sensitive wallet credentials. There is a critical need for users to verify email sources, scrutinize links and adopt robust security measures to protect their digital assets.”
With phishing emails, an old adage still stands - if something sounds too good to be true, it probably is.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.