The world is made up of people who seek to build and use the software to improve the lives of others, but unfortunately there are also those who dedicate themselves to destroying. Since the Internet exists, there have also been scams that take place through this means, as well as the dissemination of viruses and other criminal actions. Today another variant has emerged that you have to be aware of: Scams through Google forms, especially aimed at retail companies in the telecommunications, health, energy and manufacturing sectors.
The Google Forms, or Google forms in Spanish, are mostly used to create surveys easily and quickly. They are very useful when planning events, asking people questions and gathering information in a simple and efficient way.
Creating a form through Google Forms is very simple. Different types of questions can be selected, such as short answers, paragraphs, multiple choice, among others. In addition, the results are emptied into a spreadsheet, all hosted in the Google Drive cloud
But what is the risk? In the case of the scams we mentioned above, cyber criminals are using Google Forms to do a business email compromise attack.
As Google is a company with high credibility, it is easy to make people believe that those who use their tools have good intentions.
the way it is fraud through Google Forms is being done is that email security content filters, based on keywords, are bypassed. In this way, criminals take advantage of Google services by delivering thousands of malicious messages.
It is similar to the credential phishing campaigns that have been going on for many years on the web, where people write and send emails bypassing security filters.
In accordance with Panda Security “Phishing refers to sending emails that appear to come from trusted sources (such as banks, energy companies, etc.) but are actually intended to manipulate the recipient to steal sensitive information. That is why it is always advisable to access web pages by typing the address directly in the browser.”
The lure to carry out the attack is the sense of urgency. Furthermore, they send the messages using unique names of high-level executives of a specific target organization. In these messages, the criminal will usually request a quick task as a favor, something similar to fraud through gift cards or gift cards.
When the victim clicks on the links in the email, they are taken to a default untitled form hosted on Google Forms. Here the goal is to get a response from the victim under the pretext that the survey is not broken.
In the same way, it is possible that there is a second objective in which the form works as a sensor to see if someone completes the form and thus know who is more likely to click on a suspicious link.
Software criminals have not rested, despite the current pandemic in the world. Taking advantage of the vulnerable situation that millions of people live on the planet, these cyber-criminals have tried to carry out scams in which they use emails with the theme of the Covid-19 vaccine.
These crimes include business email compromise scams, messages with malicious attachments to deliver malware, and phishing emails aimed at collecting credentials, such as usernames and passwords for Microsoft Office 365, for example.
Companies that have been or could be targeted for these crimes must work closely with their cybersecurity areas. These, in turn, must keep up to date with everything that happens in the virtual world, thus trying to stay one step ahead.
Keep in mind that you can always count on The Cloud Group if you require software insurance that protects you from attacks against computer crimes, always keeping all the sensitive information that you and your company handle safe.