With the Western hemisphere turning to cold months, cases of COVID-19 and cyberattacks based on it tend to grow gradually.
Phishing campaigns are one such thing, where crooks theme their templates around COVID-19 to lure people into offering their sensitive information. The latest campaign, as spotted by INKY, is made around COVID-19 grants to US small businesses, using Google Forms.
Leveraging Google Forms for Phishing Attacks
Researchers at INKY, an email security firm, have tracked a new phishing campaign where the crooks are leveraging Google Forms to collect sensitive data. They noted that malspam volumes have doubled in September, when compared to the previous three months, and warn of rising even more.
The latest campaign in this pursuit is impersonating the U.S. Small Business Administration (SBA) on a theme of offerings grants to the COVID-19-affected small businesses in the country. Threat actors are using Google Forms to host their phishing pages, with fake support programs such as the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan.”
Hackers exploiting the form builders for their campaigns isn’t new, as they give free hosting, encrypted data traffic, and brand recognition. And since the US SBA had similar programs run in the past, the crooks’ campaign now gains some credibility.
The phishing email asks the recipients to apply for the program by clicking on an embedded button, which is a phishing form made on Google form. The data blanks include their Google account credentials, SSNs, EINs, State ID and driver’s license details, and bank account number.
When filled and clicked submit, all these sensitive details will be transported to the threat actors, who may use them for other malicious means. As it’s dangerous, business owners are advised to remain vigilant and treat all incoming messages offering financial support with suspicion.
