The IT Nerd

Abnormal Security has revealed its discovery of a novel BazarCall phishing attack variant that incorporates using Google Forms to increase the appearance of legitimacy and elevate the perceived authenticity of the initial malicious emails. The new attack report demonstrates an email sent by threat actors as part of the phishing attack with a real-world example of a Google Form with details similar to those used in a traditional BazarCall attack. 

BazarCall/BazaCall, aka call-back phishing, is a remarkably sophisticated strategy attack type that gained notoriety in 2020 due to its abnormal method of distributing malware – manipulating victims to interact with the attackers through a simple phone call. BazarCall attacks typically start with a phishing email designed to appear as a payment notification or subscription confirmation from a known brand. 

The attacker creates a Google Form and adds details about the fake transaction, including an invoice number and date, method of payment, and information about the product or service that was purportedly purchased; enable the response receipt option on the Settings tab and send the invitation to complete the form to themselves. When the invitation arrives, the attacker clicks the Fill Out Form button, which opens the Google Form. 

You can read all the details here.

This entry was posted on December 13, 2023 at 9:00 am and is filed under Commentary with tags Abnormal Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.