Cybercriminals are now exploiting Google Forms to impersonate legitimate crypto services and steal users’ digital assets. This is revealed in a new finding by cybersecurity firm Kaspersky,
According to Kaspersky, the scam involves tricking users into believing they have received a crypto transfer by sending fake notifications via Google Forms.
Attackers now craft fake Google Form submission alerts to mimic crypto transfer notifications. Once the user follows the instructions, they are asked to pay a “commission” fee in cryptocurrency to receive the transfer, which, of course, does not exist.
The scam, Kaspersky says, represents a troubling evolution in phishing techniques, leveraging the trust and credibility of well-known platforms like Google to target crypto users who may be unfamiliar with form-based phishing tactics.
How the Crypto Scam Works
According to the report, attackers fill out a pre-crafted Google Form using the victim’s email address.
When this is done, Google automatically sends a submission confirmation to the email provided, a built-in feature of the platform that fraudsters have learned to exploit.
The confirmation email contains all the hallmarks of an official Google Forms response: the Google logo, formatting that mirrors standard receipt layouts, and even a summary of the form’s contents.
These characteristics, Kaspersky says, give the message a veneer of legitimacy, enabling it to evade many spam filters and security tools.
Embedded in the email is also a link that, when clicked, redirects the user to a fraudulent website posing as a crypto payment portal. Victims are told they’ve received a transfer and must act quickly to claim it.
“The attackers crafted this form submission confirmation to look like a notification from a crypto transaction service. It indicates a sum to be paid out and urges the user to click a link to claim it before the offer ‘expires’,” Kaspersky explained.
To access the funds, they’re instructed to pay a “commission fee” in cryptocurrency to a blockchain “support” agent, after which the trail goes cold, and the promised payout never materialises.
The Use of Trusted Infrastructure for Criminal Gain
Kaspersky researchers highlight the particular danger of this campaign: the attackers are not distributing malicious files or hacking into email accounts. Instead, they are exploiting Google Forms to carry out their scheme.
“This campaign demonstrates a cunning exploitation of a trusted and widely used platform to deliver scam attacks on cryptocurrency users,” said Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky.
Kovtun added that, by hijacking the automated confirmation system built into Google Forms, the fraudsters are effectively outsourcing their phishing emails to Google itself.
The strategy allows them to piggyback on Google’s infrastructure and branding, increasing the chances that recipients will engage with the message and comply with the scam’s instructions.
A Growing Threat in the Crypto Ecosystem
This form of phishing, industry leaders say, illustrates how attackers continue to innovate their tactics as digital currencies become more integrated into everyday financial life.
With the global cryptocurrency market expected to reach over $5 billion by 2030, users have become prime targets for cybercrime syndicates looking to exploit technical gaps and social vulnerabilities.
Experts warn that while crypto adoption rises, the ecosystem’s security literacy still lags behind. Many users lack the awareness to differentiate between authentic exchange messages and cleverly disguised scams. That knowledge gap creates fertile ground for fraud.
Red Flags and How to Protect Yourself
Cybersecurity professionals advise users to remain highly vigilant when receiving unsolicited messages that reference cryptocurrency activity, particularly those with links or unexpected payment requests.
Kaspersky outlines several red flags to look for:
- Unexpected email confirmations tied to forms you never submitted
- Requests for payments or fees before receiving a promised transfer
- Urgent language that pressures users to act quickly or risk losing funds
- Emails originating from trusted platforms but linking to non-Google domains
Instead of clicking suspicious links, users are encouraged to independently verify any transactions by accessing their crypto wallet or exchange through official websites or apps.
Security experts also recommend enabling multi-factor authentication (MFA), using secure password managers, and staying updated on new phishing tactics targeting crypto users.
Talking Point
The weaponisation of everyday digital tools like Google Forms marks a disturbing new frontier in cyber fraud. This tactic not only bypasses spam filters with ease but also exploits the growing gap in digital literacy, particularly among cryptocurrency users.
At Techparley, we see this as a wake-up call for both the fintech industry and big tech platforms. As digital finance becomes more embedded in daily life, the tools that power it must be fortified.
Google and similar tech giants need to do more to prevent the abuse of their systems, while crypto firms must aggressively educate users on phishing and verification practices.
More critically, this case raises deeper questions: How can tech infrastructure be made scam-resilient without stifling innovation? And what safeguards should be built into form and email systems?
