"Google Forms Abused to Phish AT&T Credentials"

Security researchers have discovered that adversaries are running phishing attacks that use Google Forms as a landing page to collect victims' credentials. The forms masquerade as login pages from more than 25 different companies, brands, and government agencies. So far, the researchers have discovered 265 different Google Forms used in these attacks, which are likely sent to victims via email (using social engineering tactics). More than 70 percent of these forms purported to be from AT&T. Other big brands were also impersonated, including Citibank, Capital One, Microsoft OneDrive, Outlook, and the Internal Revenue Service (IRS). Most common industry techniques did not detect the forms as phishing because they used a high-reputation domain established several years ago and a valid SSL certificate. Google Forms automatically displays a warning at the base of each form to "never submit passwords via Google forms." However, the researchers stated that many victims evidently ignore the warning.

Threatpost reports: "Google Forms Abused to Phish AT&T Credentials"

Submitted by Anonymous on