"Google Forms Abused in New COVID-19 Phishing Wave in the US"

COVID-19-themed phishing messages are on the rise in the US. According to a report shared by email security company INKY, malspam volumes more than doubled in September compared to the previous three months and are expected to rise even further. In the most recent attacks, phishing emails impersonate the US Small Business Administration (SBA) and use Google Forms to host phishing pages that steal business owners' personal information. The SBA has previously run COVID-19 financial recovery programs, lending legitimacy to the campaign, particularly among previous beneficiaries. However, the organization is not currently undertaking any initiatives of this nature. The phishing emails contain lures for pandemic financial assistance programs such as the "Paycheck Protection Program," "Revitalization Fund," and "COVID Economic Injury Disaster Loan." Phishers frequently use form builders to take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that they provide. The phishing forms closely resemble the content used by the SBA in legitimate support programs, requiring applicants to enter much of the same information. This article continues to discuss the surge in COVID-19-themed phishing messages involving Google Forms.

Bleeping Computer reports "Google Forms Abused in New COVID-19 Phishing Wave in the US"