The Google Workspace Crypto Scam: Social Engineering News 

Researchers recently discovered a scam using Google Workspace comments to bait its targets. In just two weeks, attackers were able to trap almost 1,000 businesses. In other words, seventy businesses were targeted each day. Using a tactic known as business email compromise (BEC), the attackers use legitimate Google services within Google Workspace documents to redirect targets to a fake cryptocurrency site.

The attack begins with bad actors creating a free Google account. Using their Google account, the attackers then create a Google Sheet and mention their intended target in a comment. The target receives an email notification, as shown in the example below. If the target clicks the link, they are redirected to a fake cryptocurrency page. The scammers use several types of fake cryptocurrency pages, from typical phishing sites that steal credentials to cryptocurrency mining.

The Google Workspace Crypto Scam
Image: Avann

The rising surge in BEC fraud and crypto scams

The Google Workspace crypto scam is just one example of the rising surge in BEC fraud and crypto scams. Consider the following statistics:

  • Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million BEC attempts with an adjusted average of 156,000 attempts daily.
  • The FBI’s 2022 Internet Crime Report states that losses from cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 billion in 2022.

Don’t let your company be the next victim. Ongoing employee testing and education are essential to protecting your organization from these scams.

Test. Educate. Protect – Social Engineer’s Managed Phishing Service

The use of malicious social engineering is at the core of the Google Workspace scam. It’s an example of how threats to information security focus their attacks on company employees.

As the experts in social engineering, we designed our security awareness managed services to test, educate, and protect your human network from Vishing, Phishing, SMiShing, and Impersonation attacks. Our Managed Phishing Service ethically tests your employees using real-world scenarios. We identify at-risk user groups as employees demonstrate their ability to recognize and report fraudulent emails. Don’t wait until it’s too late; contact us today for a quote.
