A new campaign utilizing Google Forms to impersonate popular brands such as Office 365, Wells Fargo, and Microsoft OneDrive has been discovered. The phishing attacks aim to collect credentials from targets, utilizing a common technique in which recipients of the phishing emails are re-directed to fraudulent login pages masquerading as legitimate services. The login pages pretend to belong to more than 25 different companies, brands, and government agencies.
Researchers have found 265 different Google Forms used in the attacks. The Google Forms are likely sent through email and use sophisticated social engineering tactics to lure victims into clicking on malicious files. According to researchers, more than 70% of the forms purported to be from AT&T. Zimperium researchers published an analysis on Tuesday claiming that the links remain active for several months despite being added to public phishing databases.