In today’s competitive job market, every opportunity feels worth exploring, and scammers know it. Malwarebytes recently identified a phishing campaign in which scammers send job invitations with links to fake Google Forms designed to steal users’ account credentials. Here’s what to watch for and how to protect yourself.
How the Google Forms Job Scam Works
Job scams are nothing new. Chances are, you’re already familiar with WhatsApp messages advertising sketchy job offers. By now, you probably know to block the sender and move on. You don’t even have to open the WhatsApp message to do so.
However, an email or LinkedIn message from someone who appears to be a recruiter and contains a link to a Google Forms document will probably feel more credible. Unfortunately, in some cases, this may be part of a calculated attempt to steal your account credentials.
The scam recently uncovered by Malwarebytes directs targets to a URL that may appear authentic at first glance: https://forms.google.ss-o[.]com/forms/d/e/{unique_id}/viewform?form=opportunitysec&promo=. The “ss-o” part appears to reference “single sign-on”, an authentication method that allows users to securely log in to multiple apps/websites with one set of credentials, a detail meant to boost credibility.
Accessing the link takes users to a page that convincingly replicates Google Forms, complete with logo, familiar color schemes, and other authentic-looking elements such as the Submit button.
Before unlocking access to the fake job-related questions, the form asks users to sign in with their Google accounts. If targets oblige, it redirects them to an id-v4.com domain (which has by now been taken down) that has been linked to multiple phishing campaigns in the past year.
How to Avoid Falling for the Google Forms Scam
Google Forms scams are on the rise, making awareness more important than ever. According to security firm Kaspersky, these types of scams have increased by 63% in 2024. Here are some key precautions to keep in mind:
- As a rule of thumb, approach unsolicited job offers with caution. That’s not to say legitimate opportunities don’t exist. While many recruiters scout on LinkedIn and often reach out directly about genuine roles, verifying the information they share with you is essential. For instance, take the time to check the legitimacy of the company contacting you (this is easy to do on LinkedIn). A reputable organization should have an official website, often with a dedicated careers section where open positions are posted. See if the role matches what you are being offered.
- Exercise caution if the sender insists you click a link or fails to respond to your follow-up questions. Requests for payments or promises of payments and prizes (free crypto) are clear red flags. Delete the message and block the sender right away.
- ChatGPT now integrates with Malwarebytes, allowing you to check whether an email or message may be malicious.
- If you believe a link may be legitimate, take a moment to hover over it before clicking and carefully examine the URL for any misspellings or irregularities. Just keep in mind that doing this might not be enough, as scams nowadays are becoming increasingly hard to detect.
- Make sure you install an anti-malware tool such as Malwarebytes to get access to real-time protection.
- Finally, secure your online accounts with two-factor authentication, to reduce the risk of scammers actually breaching your account, in case, despite all efforts, you fall victim to a scam.
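The URL check described above can be automated. The following is an added example, not code from Malwarebytes or from the original article: it reads the host name from the right, where the real domain sits, and flags links that only carry “google” or “forms” as a left-hand subdomain label. The list of trusted hosts (google.com and the forms.gle short-link domain) and the brand labels are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuine Google Forms hosts.
TRUSTED_SUFFIXES = ("google.com",)
TRUSTED_EXACT = {"forms.gle"}
# Assumption: labels that make a host "look like" a Google sign-in or form page.
BRAND_LABELS = {"google", "forms", "docs", "accounts"}


def refang(url: str) -> str:
    """Undo the defanging used in security write-ups (e.g. ss-o[.]com)."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def classify_form_link(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url  # bare host pasted from a message
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # The real domain is the right-hand end of the host name, so match suffixes.
    if host in TRUSTED_EXACT or any(
        host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES
    ):
        return "trusted"
    # Brand words that appear only as subdomain labels are the warning sign.
    if set(host.split(".")) & BRAND_LABELS:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [
        # URL quoted in the article (defanged form)
        "https://forms.google.ss-o[.]com/forms/d/e/{unique_id}/viewform?form=opportunitysec&promo=",
        # Constructed samples for comparison
        "https://docs.google.com/forms/d/e/EXAMPLE/viewform",
        "https://forms.gle/EXAMPLE",
    ]
    for s in samples:
        print(classify_form_link(s), s)
```

A result of “unknown” is not a clean bill of health: the id-v4.com redirect domain contains no brand label and would land there, so anything outside the trusted list still deserves the manual checks above.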
Moreover, if you’re on LinkedIn a lot, you might want to follow up with this article, which details other LinkedIn scams you might stumble upon while you’re on the app.