Join us for the Human Behavior Conference on Oct. 30th

The Google Workspace Crypto Scam: Social Engineering News 

Share This Post

Researchers recently discovered a scam using Google Workspace comments to bait its targets. In just two weeks attackers were able to trap almost 1,000 businesses. In other words, seventy businesses were targeted each day. Using a tactic known as business email compromise (BEC), the attackers use legitimate Google services within Google Workspace documents to redirect targets to a fake cryptocurrency site.

The attack begins with bad actors creating a free Google account. Using their Google account, the attackers then create a Google sheet and mention their intended target in a comment. The target receives an email notification, as shown in the example below. If the target clicks the link, they are re-directed to a fake cryptocurrency page. There are several types of fake cryptocurrency pages the scammers use; from typical phishing sites that steal credentials to cryptocurrency mining.

The Google Workspace Crypto Scam
Image: Avann

The rising surge in BEC fraud and crypto scams

The Google workspace crypto scam is just one example of the rising surge in BEC fraud and crypto scams. Consider the following statistics:

  • Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million BEC attempts with an adjusted average of 156,000 attempts daily.
  • The FBI’s 2022 Internet Crime Report states that losses from cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 billion in 2022.

Don’t let your company be the next victim. Ongoing employee testing and education is essential if you are to protect your organization from these scams.

Test. Educate. Protect – Social Engineer’s Managed Phishing Service

The use of malicious social engineering is at the core of the Google workspace scam. It’s an example of how threats to information security focus their attacks on company employees.

As the experts in social engineering, we designed our security awareness managed services to test, educate, and protect your human network from Vishing Phishing, SMiShing and Impersonation attacks. Our Managed Phishing Service ethically tests your employees using real-world scenarios. We identify at-risk user groups as employees demonstrate their ability to recognize and report fraudulent emails. Don’t wait until it’s too late; contact us today for a quote.

More To Explore

Remote and Hybrid Work Security
Protect Yourself

Remote and Hybrid Working Security

According to Workplace, in 2019, “60% of remote-capable employees spent their week working fully on-site, whereas that figure has fallen to just 20% in 2023.” Additionally, hybrid work has increased