Cybercriminals are now leveraging Google Forms, a legitimate and widely trusted tool within Google’s ecosystem, to execute a sophisticated phishing campaign targeting cryptocurrency users, Kaspersky latest report revealed.
The scam, uncovered in a recent investigation, begins with fraudsters inputting victims’ email addresses into pre-configured Google Forms. Once submitted, Google’s infrastructure automatically sends a confirmation email to the unsuspecting recipient, containing official Google branding, layout, and form details, lending an air of authenticity that allows it to bypass most spam filters.
Reacting to the findings of the investigation, cybersecurity researcher at Kaspersky, Olga Kovtun, stated that the attackers crafted this form submission confirmation to look like a notification from a crypto transaction service.
“It indicates a sum to be paid out and urges the user to click a link to claim it before the offer expires,” Kovtun added.
Read also: Cybercrime is West, East African most dominant security concern — INTERPOL
Once the victim clicks the link, they are directed to a fake page that mimics a crypto wallet or exchange portal. There, they are prompted to pay a “commission” fee in cryptocurrency to receive a non-existent transfer. In reality, the only transaction that occurs is the loss of the victim’s funds to scammers.
Kaspersky researcher noted that the attackers are taking advantage of Google’s reputation and infrastructure to avoid detection. “By crafting fraudulent submission confirmation emails that mimic legitimate notifications from crypto exchanges, attackers used the platform’s credibility to bypass email filters and lure victims into divulging sensitive wallet credentials,” Kovtun averred.
The firm warned that with digital currencies gaining popularity, crypto holders have become high-value targets for increasingly creative cyberattacks. This latest campaign illustrates how trusted tools can be weaponised to deceive users and steal digital assets.
Kaspersky advised users to remain vigilant by avoiding links in unsolicited or unexpected emails, even those from seemingly official sources; verifying the source of all cryptocurrency-related notifications by accessing wallets or exchanges directly through official apps or websites and checking for unusual details in emails, such as unexpected references to Google Forms or unrecognised transactions.
