Google Forms Exploited by BazarCall Scammers in Sophisticated Phishing Scheme
Originally Published 2 years ago — by The Hacker News
The BazaCall phishing scammers have started using Google Forms to enhance the credibility of their attacks. By impersonating popular subscription services like Netflix and Norton, the scammers send emails urging targets to contact a support desk to dispute or cancel a plan. In the latest attack variant, a Google Form is used to share details of the supposed subscription, with response receipts enabled to send a copy of the form to the target. The use of Google Forms and dynamically generated URLs helps bypass traditional security measures. In a separate phishing campaign, recruiters are being targeted with direct emails that lead to the More_eggs JavaScript backdoor, attributed to a financially motivated threat actor known as TA4557.