Dave, I am getting a bunch of Google Forms in my inbox that are asking me to click and “acknowledge my membership” but they don’t specify what group or organization. Are they legit or yet another type of scam?
To start with the answer: Yes, they’re scams. i spend a fair amount of time keeping an eye on my spam and junk email to see what trends and changes appear and it’s clear in the last few months that there’s a new sneaky tool that’s become popular: Google Forms. Turns out that it’s a great way for scammers to sneak past spam filters because if it’s ambiguous enough, people aren’t going to want all forms filtered out, so they aren’t marked as spam at all. You click and you’re on a malicious site. Not good.
As with so many other online scams, however, a bit of basic detective work can protect you from the worst of these. Your Web browser can also help you not land on the most egregious of the malware sites too, as I’ll demonstrate. But as a general rule, if you’re part of an organization and they need you to “acknowledge membership” or “confirm membership”, then aren’t they going to list the group name?
PHISHING EMAIL VIA GOOGLE FORMS
I use Gmail as my primary email system and it generally does a good job of filtering out spam and junk email. Thank goodness, as I get > 75 junk messages/day! Still, this one snuck through:
There’s nothing to indicate it’s a scam and it is legitimately sent from Google Forms, so someone is smart enough to use the popular tool and “share form” with their list of email targets. Hard to filter!
But, as you say, acknowledge my membership in what group? There’s no actual information here, just a questionable link titled “Authenticate your account verification” (which isn’t even grammatically correct).
Most email programs can preview a link before you click on it, and in this instance Gmail is helpful:
Google uses a redirect system with Forms, so it’s a bit obfuscated, but even a casual glance should reveal the primary domain: e-stata.ru. The “.ru” domain is Russia. What groups am I in that would be seeking acknowledgment from a Russian site? None.
That should be enough to confidently delete this message, chalking it up to spammers. But… what if you do click?
AUTHENTICATE YOUR ACCOUNT VERIFICATION
What happens is dependent on Web browser, interestingly. If I click on it while in Google Chrome or Microsoft Edge, I immediately see this warning:
If I try the same link in Apple Safari on my Mac, however, it merrily redirects me to the .ru site, and then to this message:
Notice that the e-stata.ru has been redirected to er-probonuscorp.top and is showing something that’s definitely suspicious: I have no pending Bitcoin transfers pending.
A few moments later it changes the display to:
Definitely bogus because there are no senders “bc1q7****ccg8v” sending me Bitcoin. Still, I can wait a few more seconds to see what happens (so you don’t have to):
Now we’re apparently in Romania, another country with which I have no business or personal interaction. It’s about as scammy and dubious as possible, so the only logical response at this point is to just bail entirely and delete the email.
HOW MUCH IS THAT BITCOIN WORTH?
Curious how much 0.74835 Bitcoin is worth in US dollars? Just ask Google:
$20,000 would be nice, but it’s not going to happen. This is bogus all around and there’s no reason to proceed any further. Remember, whether it’s a Google Form, a shared Document, or a direct email message, be skeptical and do at least a little bit of analysis before ever clicking on a link!
Pro Tip: I’ve been trying to avoid and writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!
Good! This is a popular scam recently. The other is fraud through the [[redacted]] system, please be careful.