VERY IMPORTANT

In early December 2020, Proofpoint Threat Research observed attackers using Google Forms to bypass email security content filters based on keywords. The use of Google Forms is not new and is routinely observed in credential phishing campaigns. This hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC. We observed thousands of messages predominantly delivered to retail, telecommunications, healthcare, energy, and manufacturing sectors.