Watch Out for Sophisticated Google Forms Scam Cunningly Designed
Stealing Your Data via Trusted Channels: How Scammers Employ Google Forms
Scammers are turning towards reliable and trusted names, such as Google, to con people into disclosing their personal information in phishing schemes. Recently, these fraudsters have taken advantage of settings offered by both Google and PayPal to deceive targets into a comforting illusion of security, making these illicit activities harder to discern.
Additionally, these con artists are attempting to seem legitimate and evade detection by abusing Google Forms to request sensitive data.
The Dark Side of Google Forms
Phishing through Google Forms is far from new. A recent analysis by ESET Security shows that Google Forms are straightforward to develop and implement, boast a reliable user-base, and are encrypted with TLS, making them less susceptible to being flagged as malicious.
Google Forms scams can serve various purposes, ranging from stealing login credentials to installing harmful software onto your device by redirecting you to fraudulent sites.
A sophisticated variation of this scam recently targeted academic institutions in the United States, including students, faculty, and staff at fifteen universities. According to a Google blog post from February 2025, this attack involved scammers sending links to Google Forms that mimicked legitimate university communications. The forms borrowed school names, color schemes, and logos or mascots to deceive recipients into providing account credentials and, in some cases, financial institution logins under the pretext of either maintaining an existing account or dispersing aid.
To increase their odds of success, scammers released these forms around essential dates on the academic calendar, such as financial aid deadlines, when recipients have numerous administrative tasks to complete and are less likely to notice potential warning signs.
Though Google managed to remove all the malicious forms eventually, Stanford University's Information Security Office issued an alert on April 23, 2025, warning of a similar phishing scheme aiming to steal passwords and Duo passcodes for university network accounts.
The attack commences with Google Forms styled to resemble real Stanford-branded emails hosted on actual google.com domains with genuine SSL certificates. The forms appear to originate from authentic Google email addresses and may contain names familiar to the recipient in the notifications (such as "Shared by [Name]"). Not only do these forms appear legitimate, but they can bypass email malware detection.
Protect Yourself from Phishing Attacks with Google Forms
Always exercise caution when interacting with Google Forms. Do not open forms that you didn't expect, and never submit sensitive information like passwords or banking details through Google Forms (Google warns users directly against this within the form itself). Legitimate institutions will never ask for this kind of information via Google Forms, and if you're uncertain about a request, contact the organization directly to confirm their intentions.
Not all Google Forms phishing attempts will have the same level of sophistication as those aimed at academia; therefore, be on the lookout for misspellings, awkward salutations, and strange punctuation. One example identified by ESET begins with "Hello, Dear!".
If you believe you have already provided sensitive information through Google Forms, change your account passwords, secure your credit cards, and monitor your accounts and credit report for indications of fraudulent activity. Be vigilant for any signs of malware on your computer and remove it promptly, whether you're using a Mac or a PC.
Security Tips
- Use comprehensive email security tools that offer deep content inspection to detect phishing attempts
- Implement SPF, DKIM, and DMARC configurations for email authentication
- Activate multi-factor authentication on all accounts
- Verify URLs before submitting sensitive information
- Recognize phishing tactics through regular cybersecurity training and awareness efforts.
- TheGoogle Forms scams can serve various purposes, such as stealing login credentials or installing harmful software by redirecting users to fraudulent sites.
- Scammers targeting academic institutions have abused Google Forms by sending links that mimic legitimate university communications, deceiving recipients into providing sensitive data like account credentials and financial institution logins.
- To increase their chances of success, scammers often release these forms around deadlines like financial aid deadlines, when recipients are more likely to be preoccupied and less vigilant.
- To protect yourself from Google Forms scams, always exercise caution, verify URLs, and never submit sensitive information like passwords or banking details through Google Forms. Additionally, regular cybersecurity training and awareness efforts can help recognize phishing tactics.
