BazarCall Scammers Exploit Google Forms for Phishing Attacks
BazarCall attacks have evolved to use Google Forms to generate and send phishing emails disguised as payment receipts, making them appear more legitimate. The attackers create a fake transaction form using Google Forms and enable the "response receipt" option, which sends a copy of the completed form to the target's email address. As the email originates from a Google address, it bypasses email security tools. The email includes a phone number for recipients to call within 24 hours to dispute charges, adding urgency. BazarCall attacks have previously been used to gain access to corporate networks for ransomware attacks.