Scammers are hijacking Google Forms and using a fake AI chatbot to steal money

data privacy
(Image credit: Shutterstock / Zeeker2526)

Scammers have found another way to abuse a legitimate cloud service to deliver spam and phishing messages to people’s inboxes. 

This particular campaign, however, takes it a step further, as the attackers also deploy a fake AI chatbot in an attempt to steal people’s cryptocurrency.

The tactics were described as paying “extraordinary attention to detail” by cybersecurity researchers from Cisco Talos, who recently observed scammers abusing Google Forms to carry out the spam campaign.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Spamming for Bitcoin

Here’s how it works: First, they create a new Forms file. They choose the “make this a quiz” option. Then, they tweak two key settings: Release grades later, after manual review (which forces the quiz to collect email addresses), and “Responder input” under Responses (this allows the attacker to fill the form using the victim’s email address).

Now, Forms generates a link to the document, which the attackers access, fill it (the answers are irrelevant), and press “Release scores”. This prompts Forms to send an email notification to the victim - a message that can be fully customized before being shipped out. 

The contents of the message may vary, but the goal is always the same - to trick people into thinking that a year ago, they logged into a Bitcoin cloud mining service and forgot about it. Now, they “mined” more than 1.3 bitcoin, which equals roughly $48,000. To withdraw the cash, the victims are first approached by a fake AI chatbot that helps them exchange the cryptocurrency for fiat currency (USD, for example), and later demands a small “exchange fee” of roughly $64, which should be paid in bitcoin, to an address shared by the chatbot. 

Obviously, there is no Bitcoin and the money sent this way is forever lost. The good news is that by the time Cisco Talos’ researchers discovered the campaign, no one paid anything.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.