Thousands of BEC lures use Google Forms in recon campaign | SC Media

Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign meant to set up future business email compromise (BEC) attacks.


The attackers used Google Forms to bypass keyword-based email security content filters, according to a blog post published Wednesday by Proofpoint Threat Research. The researchers said the hybrid attack combined Google Forms with social engineering tactics more commonly associated with BEC.


The attackers used Google Forms to compose and send emails, from unique email addresses of C-level executives, to evade ingress and egress email filters, and made no attempt to use display-name spoofing. The emails themselves are simple but convey a sense of urgency. They demand a “Quick Task” from the user in response to a sender who claims to be heading into a meeting or too busy to handle the task themselves. The actor politely asks the user if they “have a moment,” a common opener in gift card fraud.


The link in the email then leads the user to ..
