Bazacall Phishers Masquerade as Legitimate Using Google Forms

The scammers behind the Bazacall phishing attacks have taken a new approach to make their actions appear legitimate. According to a report by Abnormal Security, the hackers are now using Google Forms in order to increase the perceived reliability of their malicious emails. This tactic is aimed at tricking recipients into thinking that the emails are legitimate and trustworthy.

The Bazacall campaign, which was first identified at the end of 2020, is a series of phishing attacks that involve sending emails that mimic official notifications about subscription services. The recipients of these emails are instructed to contact the support service to dispute or cancel their subscription, otherwise they will be charged a fee ranging from $50 to $500, depending on the service.

At the same time, the attackers call the victims and create a sense of urgency, convincing them to provide remote access to their computers using remote desktop software. This allows the scammers to gain control over the victim’s device under the guise of assisting with the cancellation of the subscription.

The scammers imitate popular services such as Netflix, Hulu, Disney+, MasterClass, McAfee, Norton, and Geek Squad in these attacks. In the latest version of the scam, identified by Abnormal Security, the scammers use a Google Form to collect information about the supposed subscription that the victim has.

Security researcher Mike Briton explains that the use of Google Forms benefits the attackers because the questionnaires appear to be sent from a trusted domain, making them more likely to bypass email security systems. He also notes that Google Forms are often dynamically generated, further complicating detection and blocking efforts.

“Initially, the URL was invented to indicate the location of various files on the Internet, and only over time began to be used to designate the addresses of all resources, regardless of their type,” adds Briton.
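Because the sending domain is trusted, detection has to rest on the content of the message rather than on sender reputation. The following is an added example, not code from Abnormal Security or from the original article: a content heuristic that flags a Google-sent message combining an impersonated brand, a charge in the $50 to $500 range and a callback phone number. The sender address, the regular expressions and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the article lists as impersonated in Bazacall lures.
BRANDS = ("netflix", "hulu", "disney+", "masterclass", "mcafee", "norton",
          "geek squad", "geeksquad")
# Dollar amounts of two or three digits, e.g. "$349.99" captures 349.
AMOUNT = re.compile(r"\$\s?(\d{2,3})(?:\.\d{2})?\b")
# Loose North American phone pattern (assumption; tune for your region).
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")

def bazacall_signals(raw):
    """Return the set of lure signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # The From header is spoofable; in production use the DKIM/DMARC-aligned domain.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Plain-text parts only; encoded payloads would need decode=True.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    signals = set()
    if sender.endswith("@google.com"):
        signals.add("google_sender")      # trusted domain, so reputation says "allow"
    if any(brand in text for brand in BRANDS):
        signals.add("brand")
    if any(50 <= int(a) <= 500 for a in AMOUNT.findall(text)):
        signals.add("charge_50_500")      # fee range given in the article
    if PHONE.search(text):
        signals.add("callback_number")
    return signals

def is_suspicious(raw):
    """Flag only when the trusted sender carries all three lure traits."""
    return bazacall_signals(raw) == {"google_sender", "brand",
                                     "charge_50_500", "callback_number"}

# Constructed sample messages (not real campaign data).
LURE = """\
From: Google Forms <forms-receipts-noreply@google.com>
Subject: Norton subscription renewal

Your Norton plan renews today for $349.99. To cancel or dispute, call +1 (555) 010-0199.
"""
BENIGN = """\
From: Google Forms <forms-receipts-noreply@google.com>
Subject: Team lunch survey

Thanks for filling out Team lunch survey. Your response was recorded.
"""
```

Both samples share the same trusted sender, so only the content signals separate the lure from the ordinary form receipt.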
