Researchers have issued a warning about an increase in crypto spam and scam messages that use the “Release scores” feature of Google Forms quizzes to send emails. These messages ask victims to invest in crypto or share their personal details.
According to Cisco Talos, spammers create quizzes in Google Forms and complete them using victims’ email addresses. After submission, the spammers can view the responses and activate the “Release scores” feature on Google Forms. This allows them to send customized email messages using the victim’s Google account’s “From:” address, increasing the chance of delivery since the emails come from Google’s servers.
In a sample scam, the email subject header appeared as “Score released: Balance 1.3320 BTC.” Clicking on the ‘View’ button redirected users to a fake Google form response asking them to confirm their email address. They were then directed to an external link where they were prompted to take action to claim Bitcoins worth over $46,000. Victims were even assisted via live chat to provide their personal information and were instructed to pay an exchange fee of ‘0.25%’ or $64 to claim the amount.
This latest scam comes after Google warned of threat actors exploiting its Calendar service to host C2 infrastructure. That activity relied on a tool called Google Calendar RAT, which uses event descriptions in Google Calendar to create a covert channel.
The level of planning involved in this spam attack showcases the lengths to which cybercriminals will go to exploit personal information and extract even small amounts of money. Organizations need to stay updated on IoCs and block malicious indicators to protect against these types of scams.
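Since these messages are delivered from Google’s servers, one way to triage them is to key on the quiz notification’s subject template rather than on the sending infrastructure. The sketch below is an added example, not code from Cisco Talos or from this article: the “Score released:” prefix comes from the sample subject quoted above, while the lure keywords, the verdict names and the sample messages (with placeholder addresses) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject prefix taken from the sample subject quoted in the article.
SCORE_PREFIX = re.compile(r"^\s*score released:\s*(?P<title>.*)$", re.I | re.S)

# Assumed lure heuristics (not from the article): a coin amount, or
# balance/payout wording, appearing where a quiz title would normally be.
LURE = re.compile(
    r"\b\d+(?:[.,]\d+)?\s*(?:btc|bitcoins?|eth|usdt)\b"
    r"|\b(?:balance|payout|withdraw\w*|wallet)\b",
    re.I,
)


def decoded_subject(raw_message: str) -> str:
    """Return the Subject with RFC 2047 encoded-words decoded."""
    msg = message_from_string(raw_message)
    # Encoded-words would otherwise hide the keywords from plain matching.
    return str(make_header(decode_header(msg.get("Subject", ""))))


def triage(raw_message: str) -> str:
    """Classify a message as 'not_quiz', 'quiz_benign' or 'quiz_lure'."""
    match = SCORE_PREFIX.match(decoded_subject(raw_message))
    if not match:
        return "not_quiz"
    return "quiz_lure" if LURE.search(match.group("title")) else "quiz_benign"


def _sample(subject: str) -> str:
    # Constructed message; addresses are placeholders, not real senders.
    return (
        "From: sender@example.com\n"
        "To: user@example.org\n"
        f"Subject: {subject}\n\nbody\n"
    )


# Constructed samples: the article's subject, the same subject Q-encoded,
# an ordinary quiz notification, and an unrelated message.
SAMPLES = {
    "plain": _sample("Score released: Balance 1.3320 BTC"),
    "encoded": _sample("=?UTF-8?Q?Score_released=3A_Balance_1.3320_BTC?="),
    "benign": _sample("Score released: Chapter 4 vocabulary quiz"),
    "other": _sample("Your balance statement"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} {triage(raw)}")
```

A `quiz_lure` verdict is a routing signal for quarantine or analyst review; the keyword list needs tuning against an organization’s own legitimate quiz traffic.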