Cybercriminals are sending company-branded Google Forms from email addresses spoofing large corporations in order to access your networks. These include AT&T, Capital One, Microsoft365 and many more, but the email senders are not actually from those domains.

It has never been more important to be aware of what you are clicking in your emails and SMS text messages. Be sure to ALWAYS double check and verify the sender, and contact your IT company with any potential questions or concerns.

Here’s an example from the Forbes article. One of the fake Google Forms was sent as if it was from Microsoft365, requesting user information.

A fake Office 365 login using Google Forms

Image from Forbes 11/3