Researchers claim that Google could soon face a massive malicious act since the threat actor has been sending thousands of emails to organizations. The researchers call the current act reconnaissance campaign.
The hackers’ new movement is currently focusing on identifying different for a possible follow-up business-email-compromise or BEC attack. Security experts explained that they have observed thousands of messages being sent to companies since December 2020.
These messages are predominantly delivered to the telecommunications, healthcare, retail, energy, and manufacturing sectors. the current campaign is allegedly focusing on the tech giant‘s Forms survey tool.
Although this is the case, experts said that this is nothing new since cyber attackers are already doing this in the past few years. Researchers added that they have observed that hackers and fraudsters’ credential phishing campaigns, which are conducted to bypass Google’s email security content filters, already showed this kind of method.
But, the new attack is somewhat different than the previous ones. Security researchers said that the use of the Forms tool may also prompt an ongoing dialogue between the email recipient and the malicious actor.
They added that this method could set them up for a future BEC attack. On the other hand, Proofpoint researchers said that “this hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC.”
Experts explained that the message contains unique names of C-level executives from the target companies and other organizations. This also indicates that the cybercriminals have done their work when it comes to pinpointing possible Google user victims.
Proofpoint security researchers added that although the attackers’ messages are simple, they still reveal that there should be a sense of urgency towards the attack.
Google’s alleged BEC malicious act
During the attack, the cybercriminals will ask their victims if they have a quick moment to carry out a task. They will pretend that the sender is in a hurry because of a meeting, fooling the victims that the fake senders can’t handle the task.
The Google users will then receive a link that leads them to default, untitled form on the tech giant’s app. Experts said that the link is strangely blank when a victim opens it.
It also says that the link is an “Untitled Form” with an “Untitled Question.” Experts claim that the main goal of the hackers is to fool Google users into sending an email reply since they’ll see that the survey form looks to be broken.
After that, the cybercriminals will then continue their dialogue, which also prepares them for the possible massive BEC attack.
How to be anonymous
Although experts didn’t specify if being anonymous in Forms could help users prevent the upcoming massive campaign, it is still worth the try. Here are the steps you need to follow to activate the feature;
- The first thing you need to do is to create Forms. You can do this by choosing a premade template or starting from scratch with a blank form.
- After that, you need to finish your file and click the Settings icon, which is located at the screen’s top right corner.
- You must choose the General tab. Once you click that, you need to uncheck the “Collect email addresses” and the “Limit to 1 response” options. The last thing you need to do is tap the “Save” option.