- Criminals are sending electronic notification of custom Google forms
- Electronic emails avoid filters and land in people's entry trays
- State victims can claim cryptography if they only pay the commission rates
Kaspersky cybersecurity researchers have marked that Google Forms is being abused in phishing emails aimed at cryptocurrency owners.
Google Forms is a free web -based application that allows users to create surveys, tests and forms.
Since it is a Google product, any notification that generally generates the email protections and land in people's entry trays, and cybercriminals are now exploiting this fact to try to make people pay for a non -existent cryptographic transaction.
False cryptography site
In these attacks, criminals create a questionnaire with a single space for email address. They present the address themselves, after which the victim receives a shipping notification by email.
This notification can also be customized, and threat actors create it to look like a notification of a cryptographic transaction service. The email says that the recipient has a pending payment that must be finished before “expiring.”
By clicking on the link provided in the email, sends the victim to a false encryption exchange site, where they need to contact “support” and make a “commission” payment to receive the transfer.
Obviously, there is no support, no commission and no transfer: the money they give goes directly to the scammers and is lost forever.
“This campaign demonstrates a cunning exploitation of a reliable and widely used platform to offer scam attacks to cryptocurrency users,” said Andrey Kovtun, manager of the email threat protection group in Kaspersky.
“When elaborating electronic confirmation emails from fraudulent shipping that mimic legitimate notifications of cryptography exchanges, the attackers used the credibility of the platform to avoid email filters, and also the lack of familiarity of the victim with their format to attract them to disseminate the credentials of confidential wallets. There is a critical need for users to verify the links of the writing and the security linked.
With Phishing's emails, an old adage is still standing: if something sounds too good to be true, it probably is.
