Scammers Are Now Using Google Forms for Identity Theft

google forms scams

We increasingly find ourselves using digital versions of what were once paper-only systems. From applying for a credit card to signing up the kids for a school trip, we are often asked to fill in online digital forms and sign them with a digital signature.

Scammers are taking advantage of this by using Google Forms to create documents that appear legitimate, tricking victims into handing over sensitive information. They are sending these forms via phishing emails or text messages. It is difficult for security and spam filters to detect and block these attacks, since the forms themselves are hosted by Google’s trusted servers.


Scam Detectors Most Trusted Websites in Online Security
  1. Guard.io (100): Protect your digital world on any device – Guardio stops scams and phishing in their tracks.
  2. Incogni.com (100): Delete your personal data from the internet and protect against scams and identity theft.
  3. ExpressVPN (100) Stay secure and anonymous online - Best VPN Out There

How Scammers Are Using Google Forms to Fraudulently Obtain Data

Scammers Are Now Using Google Forms for Identity Theft

Method 1: Phishing for Credentials

Scammers design forms that mimic official online login pages for banks, social media platforms, and shopping websites. They often incorporate accurate logos and branding to make the page appear even more convincing. When an unsuspecting victim fills in their information on what they think is a real login page, the scammers receive the login details and can then hijack the victim’s account to commit identity or payment fraud.

Method 2: Fake Urgent Requests to Verify and Secure Your Account or Claim Prizes

Another common scam involves pressuring the victim to act immediately to secure an account that has been compromised. Often, emails will claim that the account will be frozen or closed if the victim doesn’t verify it via a Google Form link. In similar attacks, scammers claim the victim is eligible for a prize, a large discount, or a sum of money, but only if they complete the attached form first.

Method 3: Callback Phishing (“Vishing”)

This is a common scam. The victim receives what they think is an unexpected charge or bill from a trusted provider such as Netflix, PayPal, or FedEx. The form will prompt the victim to call a fake customer service phone number to dispute the charge. Once the victim makes that call, a scammer on the phone will then manipulate them into providing sensitive information by asking security questions that must be answered to proceed with the call and fix the issue.

Method 4: The Email Receipt Trick

This is a more sophisticated scam that involves sending deceptive emails appearing to be from Google. It is yet another type of phishing attack that often presents a sense of urgency to respond and also conveys trust towards the sender.

Scammers will create a form for a prize giveaway or a security alert for an online account, often using legitimate-looking logos and branding. The form will likely ask for a name, address, password, or even bank details. Using the confirmation system, the scammer configures the form to send a confirmation email to the address entered on the form. They then enter the victim’s email address and submit the form. Because the subsequent email the target receives is an automated response from Google itself, not only does it seem legitimate, but it also bypasses spam and security filters. Often, people receiving these emails fail to notice that it’s a form submission confirmation rather than an official email from Google.

Ways to Protect Yourself Against These Attacks

  • Verify the sender. If you receive an unexpected email containing a Google form, never click the link. Instead, you should contact the purported sender via phone or a separate email to confirm whether they contacted you.
  • Look out for red flags like spelling mistakes and poor grammar, an unprofessional tone, or an urgent tone.
  • Understand how Google operates. Google has a warning on its forms that advises you to “Never submit passwords via Google Forms”.
  • Block potential hijacks. Enabling Multi-Factor Authentication (MFA) on all your important accounts will mean hackers won’t be able to gain access even if they obtain your login details.
  • Always report scams directly to Google; this will help crack down on hackers.

identity theft protection

TOP MUST-WATCH FRAUD PREVENTION VIDEOS

1. Top 5 Amazon Scams in 2024
 
2. Top 5 PayPal Scams in 2024
 
3. How to spot a scam Email in 2024
Tom WattonFraud Prevention Specialist at - Scam Detector

When my sweet old grandmother got caught up in an Amazon gift card scam, I decided then and there that I needed to do whatever I could to inform as many people as possible about the grifters of the world. That’s what I do here – writing about modern scams so you don’t get caught out.

Leave a Comment

Your email address will not be published. Required fields are marked *

SCAM 
ALERTS: 
BE NOTIFIED!

Subscribe HERE to be the first

to know about the newest scams!