BazarCall attacks abuse Google Forms to legitimize phishing emails

December 13, 2023 at 03:41PM

A recent surge in BazarCall attacks abuses Google Forms to create and send fraudulent payment receipts, making them look more authentic. BazarCall, which first surfaced in 2021, is a phishing technique built on fake payment notifications that appear to come from reputable companies. In the updated method, the false payment confirmations are sent through Google Forms, which evades email security checks and adds credibility.

From the meeting notes:

– A new variant of the BazarCall attack has been identified, which now abuses Google Forms to send payment receipts to victims, making the phishing attempt appear more legitimate.
– The attacker creates a Google Form with fake transaction details and enables the “response receipt” option, sending a copy of the completed form to the submitted email address.
– As Google Forms is a legitimate service, email security tools will not flag or block the phishing email, ensuring delivery to the intended recipients.
– The email originates from a Google address (“[email protected]”), lending it additional legitimacy, and includes the threat actor’s phone number, which recipients are told to call within 24 hours to raise any dispute, creating a sense of urgency.
– Earlier BazarCall attacks were used to gain initial access to corporate networks, typically leading to ransomware attacks.
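
A triage heuristic for the pattern described above, added here as an example and not taken from the article: it flags Google-sent messages that combine payment wording, a callback phone number and a 24-hour deadline. The keyword lists, phone pattern, function names and sample messages are assumptions, and the sender's local part is a placeholder because the page does not show the address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Keyword lists and the phone pattern are assumptions chosen for illustration.
PAYMENT = re.compile(r"\b(?:invoice|receipt|payment|charged|subscription|renewal)\b", re.I)
URGENCY = re.compile(r"\b24\s*(?:hours|hrs?)\b", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def triage(raw: str) -> list[str]:
    """Return the indicators found in a Google-sent message (empty list = none)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@google.com"):
        return []  # out of scope: this check only covers mail sent by Google
    text = msg.get("Subject", "") + "\n" + "\n".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    checks = [("payment_language", PAYMENT), ("callback_phone_number", PHONE),
              ("24_hour_urgency", URGENCY)]
    return [name for name, rx in checks if rx.search(text)]

def needs_review(raw: str) -> bool:
    """Escalate when a callback number appears alongside payment or urgency wording."""
    hits = triage(raw)
    return "callback_phone_number" in hits and len(hits) >= 2

# Constructed samples. The sender local part is a placeholder, not the real address.
SUSPICIOUS = (
    "From: Google Forms <placeholder-sender@google.com>\n"
    "Subject: Order confirmation\n\n"
    "Thank you for your payment.\n"
    "Amount charged: $349.99 (ref INV-20231)\n"
    "To dispute this transaction call +1 (800) 555-0100 within 24 hours.\n")
BENIGN = (
    "From: Google Forms <placeholder-sender@google.com>\n"
    "Subject: Team lunch survey\n\n"
    "Thanks for filling out the survey. Your choice: pizza.\n")

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(sample), needs_review(sample))
```

Because the sending service is legitimate, the check keys on message content rather than sender reputation; matches are candidates for analyst review, not automatic blocks.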

