Beware! Researchers are warning about a rise in crypto spam and scam messages that leverage the "Release scores" feature of Google Forms quizzes to deliver emails. These spam messages ask victims to invest in crypto or share their details.

Here’s how it works

According to Cisco Talos, spammers create a quiz in Google Forms and complete it themselves, entering the victim's email address as the respondent.
  • After submission, spammers can view the responses and activate the "Release scores" feature on Google Forms. 
  • This enables them to send customized email messages, using the Google account's "From:" address, potentially increasing the chance of delivery to the victim's inbox since the emails come from Google's servers.

Sample scam

In one such campaign, the email arrived with the subject line “Score released: Balance 1.3320 BTC.”
  • Clicking on the ‘View’ button redirected users to a fake Google Forms response that asked them to confirm their email address.
  • They were then directed to an external link that prompted them to take action to activate their accounts, which supposedly contained Bitcoins worth more than $46,000.
  • To make it look more convincing, victims were then assisted via a live chat session to fill in their names and email addresses.
  • At the final stage, the victims were instructed to pay an exchange fee of ‘0.25%’ or $64 by scanning a QR code to claim the amount.
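
A content-based check for the subject pattern seen in this campaign, as an added example that is not from Cisco Talos or the original article. Because the messages are sent by Google's servers, the sender is deliberately not inspected; the ticker list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject prefix taken from the campaign described above.
SCORE_PREFIX = "score released:"
# Assumption: a coin amount in the quiz title marks the lure (ticker list is illustrative).
CRYPTO_AMOUNT = re.compile(
    r"\b\d+(?:[.,]\d+)?\s*(?:BTC|ETH|USDT|bitcoins?)\b", re.IGNORECASE
)

def decoded_subject(raw_message: str) -> str:
    """Return the Subject header with RFC 2047 encoded-words decoded."""
    msg = message_from_string(raw_message)
    return str(make_header(decode_header(msg.get("Subject", "")))).strip()

def is_score_release_lure(raw_message: str) -> bool:
    """True when a score-release notification names a crypto amount as the quiz title."""
    subject = decoded_subject(raw_message)
    if not subject.lower().startswith(SCORE_PREFIX):
        return False
    quiz_title = subject[len(SCORE_PREFIX):]
    return bool(CRYPTO_AMOUNT.search(quiz_title))

# Constructed sample messages (addresses are placeholders, not real senders).
SAMPLES = {
    "lure": "From: sender@example.invalid\n"
            "Subject: Score released: Balance 1.3320 BTC\n\nView",
    "lure_encoded": "From: sender@example.invalid\n"
                    "Subject: =?utf-8?q?Score_released=3A_Balance_1.3320_BTC?=\n\nView",
    "real_quiz": "From: sender@example.invalid\n"
                 "Subject: Score released: Chemistry Quiz 3\n\nView",
    "no_prefix": "From: sender@example.invalid\n"
                 "Subject: Balance 1.3320 BTC\n\nHello",
}

def flagged(samples: dict) -> list:
    """Names of the samples that match the lure pattern, in sorted order."""
    return sorted(name for name, raw in samples.items() if is_score_release_lure(raw))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

A match is a signal for quarantine or review rather than proof of fraud, since the rule keys only on the subject line.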

Google features actively targeted

  • The latest scam comes a few days after Google warned of threat actors exploiting its Calendar service to host C2 infrastructure. 
  • The exploitation was being carried out through a tool called Google Calendar RAT, which was first published to GitHub in June.
  • The tool enabled attackers to exploit the event descriptions in Google Calendar to create a covert channel.

Ending notes

The meticulous planning involved in executing this spam attack highlights the lengths to which cybercriminals can go to exploit individuals’ personal information and extract even a modest sum of money. As scams of this type continue to emerge, organizations must stay updated on IoCs and block malicious indicators.
Cyware Publisher
