Fraudsters Are Using Google Forms to Evade Email Filters

Healthcare Info Security

Prajeet Nair

Fraudsters are using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for follow-up business email compromise attack.

"Unfortunately, Google services are often abused for malware distribution, credential phishing and, in this case, as part of email fraud. Google is often a trusted source in many organizations, so threat actors leverage that goodwill for their attacks," says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

Researchers at Proofpoint note that the attackers are leveraging Google Forms to bypass email security content filters based on keywords.

"This hybrid campaign combines...

Get the Morning Update

Thanks for subscribing!