More than 200 Google Forms have been discovered serving as fake landing pages that impersonate more than 25 companies, brands and government agencies in a phishing scheme to gather users' credentials. The forms appear to have been sent to victims' email addresses by means of social engineering. The impersonated organizations include AT&T, Citibank, Capital One, Outlook and even government agencies like the IRS. Google removed the forms after they were reported by Zimperium researchers, who discovered the fake landing pages, but there is still a risk that some undiscovered forms remain.


Indicators to look for when determining if a login screen is legitimate:

Many of these phishing forms use the company's branding and ask users to "sign in" with their email and password just like a real login screen, but the form has a submit button instead of a login button.

Google Forms also provides a valid SSL certificate, which gives users the impression that the page is not malicious. All this indicates is that the page is served over an encrypted HTTPS connection with a valid certificate, so do not depend on the "secure" icon at the top of the browser alone.

At the bottom of the form, there is a message from Google that states, "Never submit passwords through Google Forms."

Check the default completion hint messages in the fields of the form itself. If they use "Your answer" instead of "username", "password", etc., then this indicates the form may not be legitimate.


If you see any of these indicators, do not fill out the form. Instead, you can report the abuse of the form to Google here or get instructions for reporting abuse of forms and other Google services here.
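The indicators listed above can also be checked mechanically, for example when triaging a link a user has reported. The following Python is an added example, not code from Zimperium or Google; the function names, the assumed Google Forms URL shape and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

FOOTER = "never submit passwords through google forms"

class _PageText(HTMLParser):
    """Collect visible text nodes and the hint text of input fields."""
    def __init__(self):
        super().__init__()
        self.text, self.hints = [], []
    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea"):
            a = dict(attrs)
            self.hints += [v.lower() for k in ("placeholder", "aria-label") if (v := a.get(k))]
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip().lower())

def indicators(url, html):
    """Return which of the article's indicators a page matches."""
    p = _PageText()
    p.feed(html)
    u = urlparse(url)
    labels = [t for t in p.text if FOOTER not in t]  # ignore Google's own warning
    found = []
    if u.hostname == "docs.google.com" and u.path.startswith("/forms/"):
        found.append("hosted-on-google-forms")  # assumed URL shape
    if len(labels) < len(p.text):
        found.append("google-password-warning")
    if "your answer" in p.hints:
        found.append("generic-your-answer-hint")
    if "submit" in p.text and not {"sign in", "log in", "login"} & set(p.text):
        found.append("submit-instead-of-login-button")
    if any("password" in t for t in labels + p.hints):
        found.append("asks-for-password")
    return found

def is_suspicious(found):
    """A password prompt plus any form indicator means: do not fill it in."""
    return "asks-for-password" in found and len(found) > 1

# Constructed samples, not captured from a real page.
PHISH_URL = "https://docs.google.com/forms/d/e/EXAMPLE/viewform"
PHISH_HTML = """<div>Email</div><input type="text" placeholder="Your answer">
<div>Password</div><input type="text" placeholder="Your answer">
<div role="button"><span>Submit</span></div>
<p>Never submit passwords through Google Forms.</p>"""
REAL_URL = "https://login.example.com/"
REAL_HTML = '<form><input type="password" placeholder="Password"><button>Sign in</button></form>'
```

A genuine login page still matches `asks-for-password`, which is why `is_suspicious` requires at least one of the form-specific indicators alongside it.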

Take security seriously: trust BeCloud to monitor your network.

Join us and make your company a more secure place.