BazaCall attacks [4], also known as Callback phishing [2], are a type of phishing attack that begins with a deceptive email pretending to be a payment notification or subscription confirmation from a well-known brand [4]. Recently, researchers at Abnormal Security discovered a new variant of this attack campaign that incorporates Google Forms to enhance their deceptive strategies.


In this variant, scammers create a Google Form containing fake transaction details [2], such as an invoice number and payment information [2]. When the target fills out the form, a copy is sent to their email address [2]. This method increases the authenticity of the initial malicious emails [1], making them appear more legitimate [4]. The emails are sent directly from Google Forms [4], with the sender address and display name appearing as “Google Forms.” By utilizing Google Forms and a trusted domain address, the scammers also increase the chances of bypassing secure email gateways [1] [3]. Furthermore, the dynamically generated URLs used by Google Forms can evade traditional security measures [1]. Traditional email security tools may struggle to detect this type of attack, but AI-native email security solutions equipped with behavioral AI and content analysis can effectively identify and prevent such attacks [2]. These solutions utilize machine learning to accurately detect these emails as potential threats.


The use of Google Forms in BazaCall attacks poses significant challenges for traditional email security tools. However, AI-native email security solutions that employ behavioral AI and content analysis can effectively recognize brand impersonation and phishing attempts. As attackers continue to evolve their tactics, it is crucial for organizations to adopt advanced security measures to mitigate the risks posed by these sophisticated attacks.