Be Alert: Google Forms Phishing Scam

Be on the lookout for scammers trying to impersonate Google. The spammer will take advantage of the option for “Response Receipts.” These emails are sent from the email address “forms-receipts-noreply@google.com.” which is the official, legitimate email.

The spammer pretends the user has filled out something with Google when they have not and requests that the person fill out their email address and click to verify.  See an image example below.

example google form phishing

While the email address may be official, those links could lead to anywhere and could ask for more information. Keep in mind, if you are getting a response receipt you likely have already completed what you need and should not need to send any new information.

If you think you have received one of these scam emails, you can click “Report Abuse” at the bottom of the email.

If you would like more details about this scam, please read this post, where we sourced the information for this blog.

Beware ‘Zoom’ Phishing and Smishing Scams among others

Avoid Zoom scam

No matter what kind of phishing or smishing message you receive, scammers hope you will click on the link they’ve included in their email or text. These links can download malware onto your computer AND/OR lead you to a page where you are prompted to enter your login information.

If the latter, you’ll arrive at a realistic, but fake Zoom login page. That fake login page is designed to get you to enter your user name and password. Scammers will use this information to log in to other services and platforms as well.

Avoid getting Scammed

Don’t click on anything! (This includes links, photos, attachments, and/or files). If you feel that this might be real, type the Zoom.us URL yourself in the URL bar and confirm that you can log in with your district Google credentials.

Always remember to double-check the sender address. Look carefully at the sender address as we are seeing return email addresses that closely mirror real email addresses. Also, please remember that mobile phones are an even bigger attack vector and smishing is on the rise. Return email addresses are harder to see when viewed on mobile devices. Often users on cell phones may be more distracted and in a hurry and scammers are hoping they won’t be paying close attention.

These steps should be followed for all email and text messages. While we all may be used to just clicking on links, we have to be careful that our behavior doesn’t help bad actors take advantage of us. If you get an unsolicited email or text and you aren’t sure who it really came from, NEVER click on any links, files, or images it may contain.

Resolve issues directly. As with Zoom warnings, if you receive an email or text stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the “Contact Support” feature to get help.

For more information

Read more about common phishing scams and how to avoid them at BBB.org/PhishingScam and at BBB.org/AvoidScams.

If you’ve been targeted with a phishing scam, report it at BBB.org/ScamTracker. Your reports can help limit scammers’ success in the future.