Phishing under the guise of legitimacy: how BazaCall takes over its victims' devices via Google Forms

Brother

"Did you sign up for a Netflix subscription? The first charge is already tomorrow."

The scammers behind the BazaCall phishing attacks have started using Google Forms to give their actions the illusion of legitimacy. According to Abnormal Security, this step on the part of hackers is aimed at increasing the apparent reliability of malicious emails.

The BazaCall malware campaign, first detected in late 2020, is a series of phishing attacks that send emails mimicking legitimate notifications about victims' subscriptions to certain services.

Recipients are encouraged to contact customer support to dispute or cancel the plan; otherwise they may be charged a subscription fee of $50 to $500, depending on the service that the scammers chose as bait.

At the same time, the attacker calls the victim and, creating a false sense of urgency, convinces them to grant remote access to the computer using remote desktop software. In the end, the fraudster establishes permanent control over the device under the guise of helping the victim cancel the subscription.

Popular services imitated in these attacks include Netflix, Hulu, Disney+, Masterclass, McAfee, Norton, and GeekSquad. In a new version of the attack identified by Abnormal Security, a questionnaire created using Google Forms is used to deliver information about a supposedly existing subscription registered to the victim.

As security researcher Mike Britton notes, the use of Google Forms is beneficial to attackers in that the questionnaires to fill out are sent from a trusted domain, so they are much more likely to circumvent email security systems.

"In addition, Google Forms often use dynamically generated URLs," explains Britton. "The ever-changing nature of these URLs may evade traditional security measures that use static analysis and signature-based detection that rely on known patterns to detect threats."

This case demonstrates how sophisticated the methods of Internet scammers can be. Using common and seemingly secure services, attackers give their attacks the appearance of legitimacy in order to mislead users. This is a good reminder that you should not trust questionable messages and links, even if they come from supposedly reliable companies. And an assumed sense of urgency is almost one hundred percent likely to be a sign of obvious fraud.
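Because the sender domain is trusted and the form URL changes per message, a mail filter has to judge these lures by their content. The following sketch is an added example, not code from Abnormal Security or from the original post; it scores a message on the traits the article describes (imitated brand, a threatened charge of $50 to $500, a phone number, a request to call). The sender address, regular expressions, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the article names as BazaCall lures.
BRANDS = ("netflix", "hulu", "disney+", "masterclass", "mcafee", "norton", "geeksquad")
FORM_SENDER_DOMAINS = {"google.com"}  # assumption: domain of the form notification sender
PHONE = re.compile(r"(?:\+?\d[\s().-]{0,2}){10,15}")
AMOUNT = re.compile(r"\$\s?(\d{1,4})")
CALLBACK = re.compile(r"\b(call|contact|dial)\b.{0,60}\b(cancel|dispute|refund|support)\b",
                      re.I | re.S)

def indicators(raw):
    """Return the set of content indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    found = set()
    if parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower() in FORM_SENDER_DOMAINS:
        found.add("form_service_sender")
    if any(b in text.lower() for b in BRANDS):
        found.add("brand")
    # The article gives $50 to $500 as the range of the threatened charge.
    if any(50 <= int(m) <= 500 for m in AMOUNT.findall(text)):
        found.add("charge_in_range")
    if PHONE.search(text):
        found.add("phone_number")
    if CALLBACK.search(text):
        found.add("callback_request")
    return found

def is_callback_lure(raw):
    """Verdict rests on content only; a trusted sender never clears a message."""
    needed = {"brand", "charge_in_range", "phone_number", "callback_request"}
    return needed <= indicators(raw)

# Constructed sample messages (not real captures); the address and number are placeholders.
LURE = """From: Google Forms <forms@google.com>
Subject: Your Netflix subscription renews tomorrow

Your plan will renew for $399.99. To cancel or dispute this charge,
call support at +1 (800) 555-0100 before the payment is taken.
"""
BENIGN = """From: Google Forms <forms@google.com>
Subject: Thanks for filling out Team lunch survey

Your response was recorded. You chose: pizza, 12:30.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, is_callback_lure(raw), sorted(indicators(raw)))
```

Both samples come from the same trusted sender, so only the content indicators separate them; in production the indicator set would feed a score alongside other signals rather than act as a hard rule.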
 