COVID-19 phishing campaigns now use Google Forms in attacks

October 18, 2022
COVID19 Phishing Campaigns Fraud Prevention Google Forms

Threat actors are once again applying COVID-19 phishing schemes to infect targets. Based on reports, the phishing attack used Google Forms to target US-based individuals.

According to researchers, the malware spam campaigns have doubled their number since September compared to the lower count for the last three months. The latest campaign spoofs the US Small Business Administration (SBA) and use Google Forms to host phishing webpages that could steal information from targeted business owners.

The recent campaign has become efficient since the targeted entity executed COVID-19 financial recovery programs during the pandemic. However, SBA is currently not operating any recovery programs.

Threat actors used the Paycheck Protection Program and COVID Economic Injury Disaster Loan to exploit as lures to bait targets with their phishing campaign. The emails urge its targets to apply for the program by accessing an embedded button that redirects them to a Google Forms webpage.

The phishing Google forms impersonate the content of SBA used in their previously executed program. The form requests recipients enter their information to access their offered loans and assistance.

Some of the credentials requested by the phishing page are SSNs, EINs, Google account credentials, driver’s license information, and bank account number.

Once a target clicks the submit button, the threat actors harvest all the input data. Subsequently, the adversaries will inform the victims that their response has been recorded after stealing the information.

 

COVID-19 phishing schemes will likely increase as winter approaches.

 

Experts claimed that the COVID-19 phishing attacks would surge as the colder months approach since the infection rate will also likely increase.

Organisations should remain wary and cautiously treat all messages with care, especially those offering financial support. In addition, companies should teach their employees to check the sender details and used domains.

Users could spot errors with these phishing forms since the legitimate Google Forms include a warning that states “never to submit passwords on the platform.” If a form does not contain such a phrase, there is a good chance that it is a phishing attempt.

Lastly, the Small Business Administration never requests information to be passed on Google forms since they cater directly to applicants on their website.

About the author