Cybercriminals are now exploiting Google Forms to scam unsuspecting cryptocurrency users in a clever twist to online fraud.
According to new research by cybersecurity firm Kaspersky, the scam campaign involves tricking users into believing they have received a crypto transfer by sending fake notifications via Google Forms.
Once the user follows the instructions, they are asked to pay a “commission” fee in cryptocurrency to receive the supposed transfer, which, of course, does not exist.
How the scam works
The attackers start with a simple but deceptive trick: they input the victim’s email address into a pre-created Google Form.
- When this happens, Google automatically sends a confirmation email to the address entered, which is designed to look like a legitimate submission receipt.
- What’s particularly crafty is that this email contains official Google Forms attributes, including the Google logo, a link to the form, and the email field value, giving it an air of legitimacy and allowing it to bypass most spam filters.
“The attackers crafted this form submission confirmation to look like a notification from a crypto transaction service. It indicates a sum to be paid out and urges the user to click a link to claim it before the offer ‘expires’,” Kaspersky explained.
Once the link is clicked, users are taken to a scam website where they’re told to contact a so-called “blockchain support” and pay a commission to receive the funds, which never arrive.
Using trusted tools for fraud
Kaspersky warns that this scam is particularly dangerous because it leverages the credibility of Google’s platform and users’ unfamiliarity with how form confirmations work.
“This campaign demonstrates a cunning exploitation of a trusted and widely used platform to deliver scam attacks on cryptocurrency users,” said Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky.
“By crafting fraudulent submission confirmation emails that mimic legitimate notifications from crypto exchanges, attackers used the platform’s credibility to bypass email filters and lure victims into divulging sensitive wallet credentials,” Kovtun added.
With digital currencies becoming more mainstream, crypto users have become high-value targets for cybercriminals.
Kaspersky recommends users take the following precautions to avoid falling victim to such scams:
- Never click on links in unsolicited or unexpected messages, even if they appear to come from legitimate services.
- Check for unusual details in emails, such as references to Google Forms you never interacted with.
- Verify the source of any crypto-related notifications and always access your wallet or exchange account via official apps or websites.
As phishing campaigns become more creative, users are reminded to remain cautious and adopt robust security habits to safeguard their digital assets.
