The perpetrators of the BazaCall call-back phishing attacks have been observed using Google Forms to give the scam an air of legitimacy.

According to a report released today by cybersecurity firm Abnormal Security, the technique is an "attempt to elevate the perceived authenticity of the initial malicious emails."

First identified in late 2020, BazaCall (also known as BazarCall) is a term used to describe a group of phishing attempts in which victims receive emails pretending to be official subscription notices, advising them to dispute or cancel the plan or face possible charges of $50 to $500.

The attacker creates a false sense of urgency to persuade the target, over the phone, to grant them remote access capabilities using remote desktop software, and then installs persistence on the host. All of this is done while pretending to offer assistance in canceling the alleged subscription.

Several well-known services are being impersonated, including Masterclass, McAfee, Norton, Hulu, Netflix, and GeekSquad.

Abnormal Security has discovered that the most recent attack variant uses a Google Forms-created form as a means of disseminating information about the alleged subscription.

It's important to note that the form has response receipts enabled, which sends a copy of the response by email. Because of this, the attacker can send an invitation to the form respondent to complete the form and receive the responses.
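
A triage heuristic for the lure described above, as an added example (not code from the article or from Abnormal Security's report): it flags a Google Forms response receipt that also carries the subscription-notice traits the article lists. The sender address, the regexes, the two-of-three threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Brands the article lists as impersonated ("geek squad" added as a spelling variant).
BRANDS = ("masterclass", "mcafee", "norton", "hulu", "netflix", "geeksquad", "geek squad")
# Assumption: sender address used by Google Forms response receipts.
FORMS_SENDER = "forms-receipts-noreply@google.com"
AMOUNT = re.compile(r"\$\s?(\d{2,3})(?:\.\d{2})?\b")  # range-checked against $50 to $500 below
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")  # NANP-style number

def score_message(raw: str) -> dict:
    """Return per-signal booleans plus an overall 'flag' for one raw email."""
    msg = message_from_string(raw)
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = "\n".join(b.decode("utf-8", "replace") for b in parts)
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    signals = {
        "forms_receipt": FORMS_SENDER in msg.get("From", "").lower(),
        "brand": any(b in text for b in BRANDS),
        "charge_50_500": any(50 <= int(a) <= 500 for a in AMOUNT.findall(text)),
        "callback_number": bool(PHONE.search(text)),
    }
    # A Forms receipt alone is normal; require two lure traits on top of it.
    content_hits = sum(signals[k] for k in ("brand", "charge_50_500", "callback_number"))
    signals["flag"] = signals["forms_receipt"] and content_hits >= 2
    return signals

# Constructed sample messages (not real captures).
LURE = """From: Google Forms <forms-receipts-noreply@google.com>
To: user@example.com
Subject: Payment confirmation

Your Norton subscription has been renewed for $349.99.
To dispute or cancel, call +1 (808) 555-0147.
"""
SURVEY = """From: Google Forms <forms-receipts-noreply@google.com>
To: user@example.com
Subject: Team lunch survey

Thanks for filling out the team lunch survey. Budget per person: $15.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("survey", SURVEY)):
        print(name, score_message(raw))
```

Because the receipt is sent from Google's own infrastructure, sender reputation is of little use here; the content signals carry the decision.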