Scammers have found another way to abuse a legitimate cloud service to deliver spam and phishing messages to people’s inboxes.
However, this particular campaign goes a step further as the attackers also deploy a fake AI chatbot in an attempt to steal people’s cryptocurrency.
The tactics were described by cybersecurity researchers as ‘extraordinary attention to detail’ Cisco Taloswho recently saw scammers abusing Google Forms to carry out the spam campaign.
Spamming for Bitcoin
This is how it works: First they create a new Forms file. They choose the option ‘make it a quiz’. They then adjust two important settings: release grades later, after manual review (which forces the test to collect email addresses) and “Responder Input” under Comments (this allows the attacker to fill out the form with the victim’s email address) .
Now Forms generates a link to the document, which the attackers access, fill it in (the answers are not relevant) and press “Release scores”. This prompts Forms to send an email notification to the victim – a message that can be completely customized before being sent.
The content of the message may vary, but the goal is always the same: to trick people into thinking they logged into a Bitcoin cloud mining service a year ago and forgot about it. Now they have ‘mined’ more than 1.3 bitcoin, which amounts to about $48,000. To withdraw the money, victims are first contacted by a fake AI chatbot that helps them exchange the cryptocurrency for fiat money (e.g. USD), and later asks for a small ‘exchange fee’ of around $64, which is in bitcoin must be paid. , to an address shared by the chatbot.
It is clear that Bitcoin does not exist and money sent this way is lost forever. The good news is that by the time Cisco Talos researchers discovered the campaign, no one had paid anything.