Google forms are used by cybercriminals in scams

Sophos cybersecurity researchers have identified several ways in which the Google Forms service is used by cyber criminals in their scams.

      New Google Security Center brings more protection tips and tools
    • Google fixes new critical security holes in Chrome
    • Error on Google platform may expose user data of more than thousand apps

    Sophos researchers discovered these methods while they were studying how criminals were avoiding the detection by protection systems using encrypted communication protocols.

    Sean Gallagher, senior threat researcher at Sophos, comments that the team’s analysis shows that even the use of Forms Google by criminals is mainly done in weak or amateur phishing and fraud attempts, signs point that other scammers are using the platform for more sophisticated crimes. Gallagher goes on to say that during the research, uses of Google forms were identified as hosting data stolen by malware.

    Want to catch up on the best tech news of the day? Access and subscribe to our new channel on youtube, Canaltech News. Every day a summary of the main news of the tech world for you!

    Sophos researchers believe criminals are apparently aware of Google’s policy of disabling accounts who abuse its services, including Google Forms. For experts, the small volume of attacks carried out with the platform and the fact that most of the attacks are targeted mean that the scammers are taking care not to lose access to the forms.

    The methods identified

    Sophos researchers have identified several ways that criminals use Google Forms in your blows.

    Suspicion of forms asking in some field for password of any service, (Image: Reproduction/Sophos)

    The first method is exploited by amateur criminals for phishing. Using fake emails, scammers send messages to users saying that to stop receiving that type of spam, just click on the link provided and fill in the requested data. After the click, victims are redirected to Google forms, where fields for email and password are provided with necessary filling. Paying attention, internet users will hardly fall for this scam.

    The second method is to use Google Forms to collect information without having to make a website. This type of abuse is mainly done by rogue applications, which use the Google form as part of the user interface, without the need to waste time and resources programming a page or program session dedicated to user feedback, for example.

    This program, behind the user interface, it’s collecting and submitting data to a Google form. (Image: Reproduction/Sophos)

    Another method uses Google Forms in the background of the victim’s computer, from running programs that send malicious access requests to the network from the computer. This method allows the occurrence of data exfiltration, that is, unauthorized transfer of information to other machines or networks.

    The method that allows data exfiltration works similarly to the record of information in a database, including using the same commands at the code level, with the difference being that instead of the information being sent to a SQL server, for example, it is sent to a Google form, whose address can be discovered by checking requests for access to other networks made on the computer.

    Finally, criminals use Google forms to simulate e-commerce payment pages, where the user types the payment information in the available fields which, at the click of the submit button, are made available to the creator of the page. Victims end up not suspecting anything, after all, Google Forms pages always appear with padlocks in the address bar, in addition to using Transport Layer Security (TLS) encryption, making it difficult to detect potential fraud by antivirus services.

    For more information on the use of Google Forms by criminals, access the article provided by Sophos, which even has a demonstration of the use of the form as a database.

    Source: Techradar, Sophos

    Did you like this article?

    Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

    508115 508115 508115 508115

Related Articles

Back to top button