Crypto spam and scams exploit Google Forms quizzes

February 27, 2024

Newly discovered cryptocurrency spam and scams that leverage the “Release scores” feature of Google Forms quizzes are on the rise and have become the primary driver of numerous fraudulent activities.

Based on reports, these scams involve convincing victims to invest in cryptocurrency or share sensitive details, showing a new strategy for cybercriminals to exploit unsuspecting individuals.

Hackers generate these Google Forms quizzes to execute a targeted cybercriminal operation.

According to investigations, the spam and scam operators behind these malicious Google Forms quizzes have used their victims’ email addresses to generate the forms and send them to those addresses.

Once the users submit these forms, the scammers can access the responses and activate the “Release scores” feature on Google Forms. This flaw allows them to send customised email messages using the victim’s Google account “From:” address, potentially increasing the odds of the emails reaching the victim’s inbox since they originate from Google’s servers.

An example of a scam involves an email subject line reading “Score released: Balance 1.3320 BTC.” Clicking on the ‘View’ button redirects users to a fake Google form response, requesting confirmation of their email addresses.

The victims are then redirected to an external link that instructs them to activate accounts allegedly containing Bitcoins worth over $46,000. The campaign enhances the deception by guiding the victims through a live chat session in which they provide their names and email addresses. In the last part of the campaign, the scammers instruct victims to pay an exchange fee of ‘0.25%’ or $64 by scanning a QR code to claim the promised amount.
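Because these messages originate from Google's servers, sender reputation alone will not separate them from legitimate quiz results, so a mail filter has to look at the content. The following Python code is an added example, not part of the original report: it flags messages whose subject carries the “Score released:” prefix from the example above together with a cryptocurrency lure. The lure pattern, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject prefix seen in the article's example ("Score released: ...").
SCORE_PREFIX = re.compile(r"^\s*Score released:\s*(?P<title>.*)$", re.IGNORECASE)
# Assumed lure heuristic: a coin amount such as "1.3320 BTC", or wallet/balance wording.
CRYPTO_LURE = re.compile(
    r"\b\d+(?:\.\d+)?\s*(?:BTC|ETH|USDT)\b|\b(?:bitcoin|wallet|balance)\b",
    re.IGNORECASE,
)

def decoded_subject(raw_message: str) -> str:
    """Return the Subject header with RFC 2047 encoded-words decoded."""
    msg = message_from_string(raw_message)
    return str(make_header(decode_header(msg.get("Subject", ""))))

def classify(raw_message: str) -> str:
    """Return 'quarantine', 'allow' or 'not-forms-score' (hypothetical verdict names)."""
    match = SCORE_PREFIX.match(decoded_subject(raw_message))
    if match is None:
        return "not-forms-score"
    # Assumption: the text after the prefix is chosen by whoever created the form.
    return "quarantine" if CRYPTO_LURE.search(match.group("title")) else "allow"

def make_sample(subject: str) -> str:
    """Build a constructed test message; the addresses are placeholders."""
    return "\n".join([
        "From: Google Forms <forms-sender@example.invalid>",
        "To: user@example.invalid",
        f"Subject: {subject}",
        "",
        "View",
    ])

# Constructed samples: the article's lure, the same lure Q-encoded, and benign mail.
SAMPLES = {
    "lure": make_sample("Score released: Balance 1.3320 BTC"),
    "encoded_lure": make_sample("=?utf-8?q?Score_released=3A_Balance_1.3320_BTC?="),
    "school_quiz": make_sample("Score released: Week 3 Networking Quiz"),
    "unrelated": make_sample("Meeting notes"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13s} {classify(raw)}")
```

Decoding the subject before matching matters: the Q-encoded sample would slip past a filter that inspects only the raw header bytes.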

This alarming trend follows closely on the heels of Google’s warning about threat actors exploiting its Calendar service to host command-and-control (C2) infrastructure. The exploitation leverages a tool called Google Calendar RAT, first published on GitHub in June, which enables attackers to use event descriptions in Google Calendar to create a malicious channel.

The sophistication of these new spam attacks shows how cybercriminals exploit personal information for financial gain, extracting money from unsuspecting victims. As these scams persist, organisations must remain vigilant, use Indicators of Compromise (IoCs), and proactively block malicious indicators to protect against these cyber threats.
