Digital Times Nigeria
  • Home
  • Telecoms
    • Broadband
  • Business
    • Banking
    • Finance
  • Editorial
    • Opinion
    • Big Story
  • TechExtra
    • Fintech
    • Innovation
  • Interview
  • Media
    • Social
    • Broadcasting
Facebook X (Twitter) Instagram
Trending
  • Konga Unveils 3rd Edition Of Mid-Year Shopping Festival With Unbeatable Discounts
  • Fred Agbata, Anambra ICT Agency Boss Emerges NiRA Financial Secretary
  • Stakeholders At eBusinessLife Girls In ICT Day Event Call For More Action On Girls Participation In ICT
  • UK Minister For Africa Concludes Strategic Visit To Nigeria To Deepen Bilateral Ties
  • NATEP Relaunched As Nigeria Targets 1 Million Jobs, $1 Billion FDI In Digital Service Exports
  • “How Do I Kelee Gi?”: The Song That Rose From The Rubble Of A Lagos Bomb Blast
  • Hydrogen, Lagos State Govt Power Wellness Drive For Business Owners In Ikeja
  • Tinubu Hails NASENI’s Contributions To National Economy
Facebook X (Twitter) Instagram
Digital Times NigeriaDigital Times Nigeria
  • Home
  • Telecoms
    • Broadband
  • Business
    • Banking
    • Finance
  • Editorial
    • Opinion
    • Big Story
  • TechExtra
    • Fintech
    • Innovation
  • Interview
  • Media
    • Social
    • Broadcasting
Digital Times Nigeria
Home » Sophos Lists 7 Ways Cyberscammers, Malware Operators Abuse Google Forms
TechExtra

Sophos Lists 7 Ways Cyberscammers, Malware Operators Abuse Google Forms

DigitalTimesNGBy DigitalTimesNG27 September 2021No Comments4 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Sophos Research Contests
Share
Facebook Twitter LinkedIn Pinterest Telegram Email WhatsApp

Sean Gallagher, a senior threat researcher at Sophos has said that the extent to which cyberattackers abuse Google Forms came to light while they were carrying out research on how malware abuses encryption to conceal its activities and communications.

According to Gallagher, “Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organisations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders, and the whole set up essentially provides a free attack infrastructure.”

The Sophos researcher, however, noted that Google frequently shuts down accounts associated with a mass abuse of applications, including Google Forms but added that the kind of low-volume, targeted use of Forms by some malware could stay under the radar.

“Business defenders need to be alert to this threat and apply caution whenever they see links to Google Forms, or any other legitimate services trying to obtain credentials, and they should not inherently trust TLS traffic to ‘known good’ domains such as docs.google.com,” he said.

Gallagher further stated: “Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks. Sophos’ examples of this include attackers using Google Forms to exfiltrate data and for malware command-and-control.”

Sophos researchers have, therefore, identified cyberscammers and malware operators abusing Google Forms in the seven following areas:

READ ALSO  Mart Networks Reaffirms Commitment To Nigeria’s Tech Ecosystem

Phishing: Despite the fact that Google warns users on every page of a form not to enter password details, Sophos found several examples where attackers tried to convince potential victims to enter their credentials into a Google Form laid out to resemble a login page. These forms were often tied to malicious spam campaigns.

Malicious spam campaigns: One of the largest sources of Google Forms links in spam was “unsubscribe” links in scam-related marketing emails. Sophos has intercepted a number of spam-based phishing campaigns that targeted Microsoft online accounts, including Office365.

The spam claimed that recipients’ email accounts were about to be shut down if they were not immediately verified, and offered a link to a Google Form that asked the user to enter their Microsoft credentials. These Google Forms pages were decorated with Microsoft graphics but, still, clearly a Google Form.

Payment card data theft: Entry-level scammers use Google Forms’ ready-made design templates to attempt to steal payment data through faked “secure” e-commerce pages.

Potentially Unwanted Applications (PUAs), such as adware: The researchers discovered a number of PUAs targeting Windows users. These apps use Google Forms pages surreptitiously, with the web requests collected and submitted to forms automatically without any need for user interaction.

Fake user interfaces for malicious Android apps: Sophos found some malicious Android applications that made use of Google Forms to capture data without having to code a back-end website. Most of these were adware or PUAs. For instance, the researchers found “SnapTube,” a video app that generates revenue for the developer through web advertising fraud and which includes a Google Forms page for user feedback.

READ ALSO  Sophos Unveils New XGS Series Desktop Firewalls, Updated Firewall Software

Data removal: The researchers uncovered a number of more sophisticated threats abusing Google Forms. This included malicious Windows applications that used web requests to Google Forms pages to ‘push’ stolen data from computers to a Google spreadsheet via Google Forms.

Part of the wider malicious cyberattack infrastructure: Sophos telemetry has detected a number of PowerShell scripts interacting with Google Forms. We were able to prototype how PowerShell scripts could be used to scrape Windows profiling data from a computer and submit it to a Google Forms form automatically.

Sophos products, including Intercept X for endpoints, defend against most malicious spam that carries forms-based phishing campaigns and detect the behaviours of system information collection discussed in the new research.

Sophos also advises consumers to install a security solution, such as Sophos Home, on the devices that they and their families use for online communications and gaming to protect everyone from malware and cyberthreats.

 

#Cyberscammers #Google Forms #Malware Operators #Sophos
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSmile Unveils 3 New Exciting International Voice Plans
Next Article Ericsson Announces New Company Vision, Fresh Branding
DigitalTimesNG
  • X (Twitter)

Related Posts

Fred Agbata, Anambra ICT Agency Boss Emerges NiRA Financial Secretary

2 June 2025

PalmPay Unveils ‘Passing The Baton’ CSR Initiative To Drive Financial Inclusion In Northern Nigeria

30 May 2025

Experts, Industry Leaders Push For Bold Digital Reforms In Nigeria

23 May 2025

New IT Clearance Framework To Curb Waste, Boost Transparency In MDAs- NITDA

20 May 2025

Anambra State Govt Unveils Innovative SolutionLens Platform Today

15 May 2025

NITDA, Lancaster University Mull Collaboration To Boost Innovation, Entrepreneurship In Nigeria

13 May 2025

Comments are closed.

Categories
About
About

Digital Times Nigeria (www.digitaltimesng.com) is an online technology publication of Digital Times Media Services.

Facebook X (Twitter) Instagram
Latest Posts

Konga Unveils 3rd Edition Of Mid-Year Shopping Festival With Unbeatable Discounts

3 June 2025

Fred Agbata, Anambra ICT Agency Boss Emerges NiRA Financial Secretary

2 June 2025

Stakeholders At eBusinessLife Girls In ICT Day Event Call For More Action On Girls Participation In ICT

2 June 2025
Popular Posts

Building Explainable AI (XAI) Dashboards For Non-Technical Stakeholders

2 May 2022

Building Ethical AI Starts With People: How Gabriel Ayodele Is Engineering Trust Through Mentorship

8 January 2024

Gabriel Tosin Ayodele: Leading AI-Powered Innovation In Web3

8 November 2022
© 2025 Digital Times NG. Designed by Max Excellence LLC.
  • Advert Rate
  • Terms of Use
  • Advertisement
  • Private Policy
  • Contact Us

Type above and press Enter to search. Press Esc to cancel.