A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack. So far, researchers have observed thousands of messages being sent to companies, predominantly delivered to retail, telecommunications, healthcare, energy and manufacturing sectors.

Of note, the campaign leverages Google’s Forms survey tool. This use of Google Forms by cybercriminals is not new and is routinely observed in credential phishing campaigns to bypass email security content filters. However, in this attack, the use of Google Forms may also prompt an ongoing dialogue between the email recipient and the attacker – setting them up as a victim for a future BEC trap, researchers say.

“This hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC,” according to Proofpoint researchers in a Wednesday analysis.

The messages contain unique names of C-level executives from the target organizations, indicating that the cybercriminals have done their homework when it comes to pinpointing victims. The messages themselves are “simple but convey a sense of urgency,” said researchers – they ask the victim if they have a “quick moment” to carry out a task, as the purported sender is supposedly heading into a meeting or too busy to handle the task themselves, and point to a…