How Fraudsters Abuse Google Forms to Spread Scams

Summary:
Malicious actors are increasingly exploiting Google Forms due to its widespread use, trusted reputation, and user-friendly design. Since its launch in 2008, Google Forms has gained nearly 50% of the form-building market, making it an attractive target for cybercriminals. These threat actors take advantage of the platform's legitimacy and free access to create convincing phishing campaigns at scale. Google Forms links often bypass traditional email security filters and appear trustworthy to unsuspecting users, making it easier for attackers to deceive victims. Common tactics include crafting fake forms that impersonate well-known institutions like banks, social media platforms, or universities, with the goal of harvesting login credentials or financial data, or redirecting users to malware-laced sites. Some attackers use call-back phishing, sending forms that pressure users into calling fraudulent phone numbers, where scammers extract sensitive information or convince victims to install remote access software. Others exploit the quiz feature to send deceptive messages containing phishing or malware links.

Security Officer Comments:
Google Forms has become a common tool of exploitation for threat actors targeting universities. Because schools and academic institutions frequently use these forms for surveys, research, and administrative tasks, cybercriminals see an opportunity to exploit their legitimacy and familiarity. Notably, Google reported a rise in attacks against the U.S. education sector last year, highlighting the growing threat. In these incidents, victims received phishing emails containing links to malicious Google Forms. Both the emails and the forms were carefully spoofed to resemble official university communications, featuring institutional logos, mascots, and references to the school’s name, to increase credibility. The ultimate goal of these attacks was to steal login credentials and financial information from unsuspecting recipients.

Suggested Corrections:
Recommendations from ESET:
  • Use multi-layered security software from a reputable provider on all computers and mobile devices. This will help to ensure that, even if you click on a malicious link, the malware download will be blocked. Good software will also spot suspicious patterns, even if the Google Form itself appears legitimate, as well as scan your machine/device periodically and keep you safe from anything malicious.
  • Stay alert to potential phishing scams. You shouldn’t trust anything unsolicited that asks you to click on a link or call a number urgently. Instead, take a deep breath, relax, and contact the sender separately, not via the number or link provided. Another useful tactic is to hover over links to check the real destination. Make sure your email security solution
  • Enhance security at log-in by using strong, unique passwords for every account, stored in a password manager for easy recall. Then switch on multi-factor authentication (MFA) for every account you use online. This means that, even if hackers get hold of your password, they can’t access your account. A hardware-based security key or an authenticator app is best.
  • Pay attention: Google always displays a warning on Google Forms, telling recipients “Never submit passwords through Google Forms.” Follow its advice.
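
The "hover over links" check above can be automated for mail triage. The following is an added example, not code from ESET or the original article: it parses an HTML email body, flags links that lead to Google Forms (`docs.google.com/forms/` or the `forms.gle` short host), and flags any link whose visible text shows a different domain than its real destination. The sample email, the function names and the finding labels are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample email body (not taken from a real campaign).
SAMPLE = """<p>Dear student, verify your account today:</p>
<a href="https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform">https://portal.university.example/login</a>
<a href="https://www.university.example/news">Campus news</a>
<a href="https://forms.gle/EXAMPLE">Complete the survey</a>"""

DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_google_form(url):
    """True for docs.google.com/forms/... and forms.gle short links."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host == "forms.gle" or (host == "docs.google.com" and parts.path.startswith("/forms/"))

def review_links(html_body):
    """Return links worth a second look; a flag means 'review', not 'malicious'."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text)
        shown = shown.group(1).lower() if shown else ""
        reasons = ["google-form-link"] if is_google_form(href) else []
        if shown and host and host != shown and not host.endswith("." + shown):
            reasons.append("text-destination-mismatch")  # text shows another domain
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings
```
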
Link(s):
https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/