Hackers posing as different companies, brands and government agencies used Google Forms to steal passwords and credentials, according to security researchers at Zimperium.
The researchers found that links remained active for several months after being added to public phishing databases, and were later removed by Google after the Zimperium team reported the issue to the search giant.
Scammers used more than 25 brands and 265 different Google Forms to dupe unsuspecting users of top brands.
Their analysis found that more than 70% of the sites targeted AT&T (or Yahoo and AT&T together). Other brands include Citibank, the Mexican government, Microsoft Outlook, Office 365, Wells Fargo, Yahoo and others.
“Whether a company’s logo or brand was used once or several times on different Google Forms, the phishing dangers were very real,” Zimperium said in a report.
Google Forms is very attractive from a phishing perspective because it is easy to use and hosted under a Google domain, it added. Besides, phishing detectors based on domain age won't work on this site. Google Forms also provides a valid SSL certificate, so a user is relying on the browser's 'secure' indication.
Google Forms automatically states at the base of each form “never submit password via Google forms”, but this is evidently ignored by many victims. Researchers showed how hackers created Google Forms to trick users and steal AT&T users' credentials.
The form wasn’t detected as phishing as it used a high-reputation domain, established several years ago, and it used a valid SSL certificate. A similar form was created to target Office 365 users where hackers were trying to get Wells Fargo banking credentials.
Attackers even created a form trying to get a user’s Google Doc credential.
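The detection gap described above, as an added Python example that is not from Zimperium's report: a domain-age and certificate check passes a Google-hosted form, while a check on the form's own question labels flags it. The keyword list, the 180-day threshold, the footer wording, the form URL and both page bodies are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed label keywords for credential prompts (illustrative, not from the report).
CREDENTIAL_TERMS = ("password", "passcode", "user id", "security answer")


class TextCollector(HTMLParser):
    """Collects the visible text nodes of a fetched form page, lowercased."""

    def __init__(self):
        super().__init__()
        self.text = []

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip().lower())


def reputation_verdict(domain_age_days, has_valid_tls, min_age_days=180):
    """Domain-age plus TLS heuristic, the kind of check the article says fails."""
    if domain_age_days < min_age_days or not has_valid_tls:
        return "suspicious"
    return "clean"


def content_verdict(url, html):
    """Flag a Google Forms page whose question labels ask for credentials."""
    parsed = urlparse(url)
    if parsed.hostname != "docs.google.com" or not parsed.path.startswith("/forms/"):
        return "not-a-form"
    page = TextCollector()
    page.feed(html)
    page.close()  # flush any buffered trailing text
    # Skip the platform's own footer warning, which also contains "password".
    labels = [t for t in page.text if not t.startswith("never submit password")]
    hits = [t for t in labels if any(term in t for term in CREDENTIAL_TERMS)]
    return "suspicious" if hits else "clean"


# Constructed samples: a placeholder form URL and two minimal page bodies.
URL = "https://docs.google.com/forms/d/e/EXAMPLE_FORM_ID/viewform"
FOOTER = "<div>Never submit passwords through Google Forms.</div>"
PHISH = "<h1>Account verification</h1><span>Email</span><span>Password</span>" + FOOTER
SURVEY = "<h1>Lunch survey</h1><span>Preferred day</span>" + FOOTER

if __name__ == "__main__":
    print(reputation_verdict(domain_age_days=5000, has_valid_tls=True))
    print(content_verdict(URL, PHISH), content_verdict(URL, SURVEY))
```

The footer exclusion matters: without it, every form would match on the platform's own warning text and the check would flag benign surveys.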
According to Zimperium’s research, the share of phishing websites using HTTPS rose from 12% in early 2019 to almost 60% as of November.