This sneaky malware hijacks Google Forms to demand money in nasty phishing scheme
A new version of BazarCall, a phishing attack designed to take money from victims, has been spotted, this time hijacking Google Forms to generate fake receipts that make the phishing emails look more legitimate.
The attack gets its name from the way victims are manipulated into contacting the threat actor, sometimes via a phone call.
The alert, raised by Abnormal Security, reveals the latest wave of BazarCall attacks, which first became popular in 2020.
Beware of that strange receipt
The campaign starts with a phishing email that resembles a receipt for a payment or subscription. Abnormal Security says the alleged costs range from $49.99 to more than $500 – quite significant amounts that are intended to raise alarm bells among victims.
The group has been observed impersonating dozens of high-profile companies, including Netflix, Hulu, Disney+, McAfee and Norton.
The sense of urgency impressed on the victim then pressures them to call a number in the email to dispute the charge.
The attacker uses Google Forms to create a fake invoice, using details such as invoice numbers, payment methods, and the product or service. They then enter the victim's email address into one of the fields, after which a receipt is sent to the victim.
This way, the email comes from a google.com domain, which makes it look more legitimate and helps it evade detection.
The goal is for the group to gain access to an organization's assets by tricking the recipient into installing malware.
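A defender-side heuristic for the lure described above, as an added example that is not from Abnormal Security or the original article: it gives a google.com sender no extra trust and flags receipt-style mail that combines billing wording, a dollar amount and a callback phone number. The function name, regexes and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("netflix", "hulu", "disney+", "mcafee", "norton")  # brands named in the article
BILLING = re.compile(r"\b(invoice|receipt|subscription|payment|charge)\b", re.I)
AMOUNT = re.compile(r"\$\s?(\d{1,5}(?:\.\d{2})?)")
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Constructed samples, not real captures; addresses, numbers and wording are placeholders.
LURE = """\
From: Google Forms <forms-receipts-noreply@google.com>
To: user@example.com
Subject: Invoice INV-0001 payment confirmation

Product: Norton 1-Year Subscription
Payment method: Credit card
Amount: $349.99
To dispute this charge call +1 (800) 555-0199.
"""
BENIGN = """\
From: Google Forms <forms-receipts-noreply@google.com>
To: user@example.com
Subject: Team lunch survey

Thanks for filling out the team lunch survey.
"""

def callback_lure_signals(raw: str) -> dict:
    """Return the individual signals plus an overall 'suspicious' verdict."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Plain-text parts only; transfer-encoded or HTML-only bodies need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    amounts = [float(a) for a in AMOUNT.findall(text)]
    s = {
        "from_google": domain == "google.com" or domain.endswith(".google.com"),
        "billing_terms": bool(BILLING.search(text)),
        "amount": max(amounts, default=None),
        "phone": bool(PHONE.search(text)),
        "brand": next((b for b in BRANDS if b in text.lower()), None),
    }
    # A trusted sending domain must not offset the content signals.
    s["suspicious"] = bool(s["from_google"] and s["billing_terms"]
                           and s["phone"] and s["amount"] is not None)
    return s
```

The phone pattern also matches any ten-digit number, such as an order ID, so the verdict is best used to route a message for review rather than to block it outright.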
Abnormal Security says that older security tools such as secure email gateways are no longer able to keep up with these more advanced attack methods. Since it is now 2023, it should come as no surprise that artificial intelligence is being proposed as a solution.
The company says AI-native solutions could use ML to identify this email as an attack. It's clear that more creative and newer attacks require a revised approach to security as we know it today.