Google Forms, praised for friction-free data collection, has become the unlikely staging ground for a rapidly spreading crypto-phishing campaign. First detected in late 2024 but surging in Q2 2025, the ploy begins with an unsolicited email containing a legitimate-looking forms.gle link that easily bypasses most spam gateways.

The malicious form leverages an Apps Script-bound webhook that silently exfiltrates data the moment the victim clicks “Submit,” without waiting for form completion. The script also injects a one-time JavaScript redirect to hxxps://claim-btc-id[.]online, a clone site hosting a polished React front end and a Python Flask API that proxies every request to the attacker’s C2. Within seconds the supplied credentials are siphoned to a command-and-control (C2) server hidden behind Cloudflare Workers, and any payment is spirited to mixer wallets, obliterating the money trail.

Kaspersky analysts noted the spike after observing a 63 percent rise in Google Forms-based phishing messages during routine telemetry reviews of consumer endpoints in early July 2025, flagging the campaign as one of the year’s most effective low-tech social-engineering attacks.

Mitigation hinges on layered defenses: implement content-disarm rules that quarantine any Google Forms emails not explicitly whitelisted, and deploy browser extensions capable of blocking outbound requests to unfamiliar Workers domains. Finally, security awareness programs must reiterate the timeless principle: free cryptocurrency never arrives via a form submission.
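The quarantine rule recommended above can be sketched as a mail-triage check. This is an added example, not code from the article or from Kaspersky. The allowlist format, the placeholder form IDs and the two sample messages are constructed assumptions.

```python
import html
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: forms the organization really uses, as (host, path) entries.
# Both IDs are constructed placeholders.
ALLOWED_FORMS = {
    ("forms.gle", "/ExampleShortId01"),
    ("docs.google.com", "/forms/d/e/EXAMPLE_FORM_ID"),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def forms_links(raw_email):
    """Return (host, path) for every Google Forms link in any text part."""
    msg = message_from_string(raw_email, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = html.unescape(part.get_content())
        for url in URL_RE.findall(body):
            parts = urlsplit(url)
            # hostname is lowercased and excludes any userinfo before "@"
            host = (parts.hostname or "").rstrip(".")
            path = parts.path.rstrip("/")
            if host == "forms.gle" or (host == "docs.google.com"
                                       and path.startswith("/forms/")):
                found.append((host, path))
    return found

def is_allowed(host, path):
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in ALLOWED_FORMS)

def triage(raw_email):
    """Quarantine when any Forms link is not explicitly allowlisted."""
    unlisted = [l for l in forms_links(raw_email) if not is_allowed(*l)]
    return ("quarantine" if unlisted else "deliver", unlisted)

# Constructed sample messages (not taken from the campaign).
LURE = ("From: rewards@example.net\nSubject: Claim your BTC\n"
        "Content-Type: text/html\n\n"
        '<a href="https://FORMS.gle/UnknownId99?x=1">Confirm payout</a>\n')
SURVEY = ("From: hr@example.com\nSubject: Staff survey\n\n"
          "https://docs.google.com/forms/d/e/EXAMPLE_FORM_ID/viewform\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("survey", SURVEY)):
        print(name, triage(raw))
```

Because forms.gle short links cannot be resolved offline, the allowlist matches the short link itself; a gateway that expands redirects could match on the final form ID instead.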
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Jul 2025 10:45:13 +0000