Google Forms are being used as a way to obtain the sensitive information of business owners through COVID-19 phishing emails, according to a new report.
Email security firm INKY shared the findings of an upcoming report it is due to publish with Bleeping Computer. It found that the amount of malspam (malicious spam emails) doubled during September alone when compared to the summer period (June to August). Such attacks are expected to become more prevalent moving forward.
The phishing emails in question pretend to be from the U.S. Small Business Administration (SBA), which uses the Google Forms platform in order to host phishing pages. The objective of these pages is to steal the personal details of business owners who fill in their information.
Although the government program has provided COVID-19 financial recovery services in the past, SBA is not doing so at the moment with the pandemic slowing down.
In any case, the phishing emails highlight how individuals can still qualify for programs such as the “Paycheck Protection Program,” the“Revitalization Fund,” and “COVID Economic Injury Disaster Loan.” Contained within the email is a button that redirects targets to a Google Forms page.
The phishing forms attempt to appear as a trusted source by duplicating information deriving from past SBA financial support programs, with applicants asked to largely share the same details. Information pertaining to Google account credentials, SSNs, EINs, State ID and driver’s license details, and bank account numbers are all requested by the page.
Once the information is filled in and the submit button is clicked by the user, a “Your response has been recorded” message is displayed. In reality, however, all the corresponding data is sent directly to the threat actors.
With winter approaching, COVID-19 infections could be subjected to a considerable rise, which allows cybercriminals to use the opportunity to lure in unsuspecting business owners.
At the height of the pandemic, Google was blocking 18 million coronavirus scam emails on a daily basis.
As for this particular campaign, there are clear indicators that it’s a phishing attempt. As pointed out by Bleeping Computer, the phishing emails redirect users toward a Google Forms page, while the SBA would request the submission of information through its official website instead. The emails, meanwhile, feature grammatical errors as well.
As always, if you are a business owner — especially one that has received monetary relief from COVID-19 programs before — be sure to carefully check any suspicious emails claiming to be from the SBA.