Cybercriminals have begun using Google Forms, a trusted Google tool, to launch an elaborate phishing scheme aimed at cryptocurrency holders, according to a new report by cybersecurity firm Kaspersky. The scam manipulates Google’s own infrastructure to make phishing emails appear legitimate, bypassing spam filters and luring victims with deceptive crypto-related notifications.
The attack starts when fraudsters enter targeted email addresses into a prepared Google Form. Google’s system then sends out a confirmation email automatically, using its standard branding and layout. This gives the message the appearance of a legitimate alert from Google or a cryptocurrency service, raising little suspicion among users.
Kaspersky cybersecurity researcher Olga Kovtun explained that the phishing emails are designed to resemble crypto transaction notifications. The emails suggest that the user is eligible for a payout and urge them to click a link before the offer expires. This call to action is key in driving the victim toward the fake transaction portal.
Victims who follow the link are redirected to a counterfeit page mimicking a crypto wallet or exchange. There, they are asked to pay a “commission” fee in cryptocurrency to receive the supposed funds. In reality, the scam ends with victims transferring their assets to criminals, with no real transaction occurring.
Kaspersky emphasized the growing threat of crypto-targeted cyberattacks and warned that criminals are increasingly exploiting reputable tools to trick users. To stay protected, users are advised to avoid clicking links in unsolicited emails, verify all crypto-related alerts directly through official platforms, and stay alert for inconsistencies such as Google Forms references in financial messages.
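As an added example (not from Kaspersky's report or the original article), the inconsistency described above, a crypto payout notice that arrives through Google Forms, can be checked with a small mail-triage heuristic. The Forms sender address, the keyword list and the three sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the address Google Forms uses when it mails a response receipt.
FORMS_SENDER = "forms-receipts-noreply@google.com"
FORMS_MARKERS = re.compile(r"google forms|docs\.google\.com/forms", re.I)
LURE_TERMS = re.compile(
    r"\b(payout|withdraw\w*|btc|bitcoin|crypto\w*|wallet|commission|expire\w*)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def _is_google(host):
    return host == "google.com" or host.endswith(".google.com")

def triage(raw):
    """Return the reasons a message looks like a Forms-delivered crypto lure."""
    msg = message_from_string(raw)
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in msg.walk() if p.get_content_maintype() == "text")
    text = msg.get("Subject", "") + " " + body
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender == FORMS_SENDER or FORMS_MARKERS.search(body):
        reasons.append("via-google-forms")
    lures = sorted({m.lower() for m in LURE_TERMS.findall(text)})
    if len(lures) >= 2:  # a single keyword hit alone is too noisy
        reasons.append("crypto-lure:" + ",".join(lures))
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    external = sorted(h for h in hosts if h and not _is_google(h))
    if external:
        reasons.append("external-link:" + ",".join(external))
    return reasons

def is_suspicious(raw):
    """Flag only the combination the article describes: Forms delivery plus a crypto lure."""
    r = triage(raw)
    return "via-google-forms" in r and any(x.startswith("crypto-lure:") for x in r)

# Constructed sample messages (not real mail).
PHISH = ("From: Google Forms <forms-receipts-noreply@google.com>\n"
         "Subject: Payout pending\n\n"
         "Your BTC withdrawal is ready. Claim before the offer expires:\n"
         "https://wallet-payout.example/claim\n")
RECEIPT = ("From: Google Forms <forms-receipts-noreply@google.com>\n"
           "Subject: Team lunch signup\n\n"
           "Thanks for filling out the form.\n"
           "https://docs.google.com/forms/d/e/EXAMPLE/viewform\n")
EXCHANGE = ("From: alerts@exchange.example\nSubject: Withdrawal complete\n\n"
            "Your BTC withdrawal to your wallet is complete.\n")
```

Because the message really is sent by Google, sender authentication results cannot separate the lure from an ordinary Forms receipt; the signal here is the mismatch between the delivery channel and the financial content.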
Source: Business day
