A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack.
So far, researchers have observed thousands of messages being sent to companies, predominantly delivered to retail, telecommunications, healthcare, energy and manufacturing sectors. Of note, the campaign leverages Google’s Forms survey tool. This use of Google Forms by cybercriminals is not new and is routinely observed in credential phishing campaigns to bypass email security content filters. However, in this attack, the use of Google Forms may also prompt an ongoing dialogue between the email recipient and the attacker – setting them up as a victim for a future BEC trap, researchers say.
