Cybercriminals have found a new way to rip off cryptocurrency users, and this time, they’re hiding behind the familiar interface of Google Forms.
A recent report from cybersecurity firm Kaspersky reveals that scammers are using Google’s legitimate form submission system to create highly deceptive emails that appear to confirm receipt of a crypto transaction.
But these messages are elaborate bait to trick victims into sending money under false pretences.
The scam starts with a simple form submission. The attacker enters the target’s email address into a pre-filled Google Form. This triggers an automated confirmation email from Google, containing the platform’s official logo and formatting, enough to convince many recipients it’s genuine.
But the message is entirely fabricated, part of a scheme to coax users into believing they’ve received a large cryptocurrency transfer.
What happens next is where the trap is set. The email includes a message prompting the recipient to “claim” the crypto transfer before the offer expires. Clicking the embedded link redirects users to a fake website that impersonates a blockchain support page. There, they are told to pay a “commission” in cryptocurrency to unlock the so-called funds.
There are no funds. Once the fee is paid, the scammers disappear.
According to Kaspersky’s Email Threats Protection Group Manager, Andrey Kovtun, “This campaign demonstrates a cunning exploitation of a trusted and widely used platform to deliver scam attacks on cryptocurrency users.”
He added, “By crafting fraudulent submission confirmation emails that mimic legitimate notifications from crypto exchanges, attackers used the platform’s credibility to bypass email filters and lure victims into divulging sensitive wallet credentials.”
It’s a disturbingly effective tactic. The use of Google Forms, a tool most people associate with harmless surveys and registration sheets, gives the scam a veneer of legitimacy.
Most spam filters don’t catch the emails because they come directly from Google’s servers and include authentic links like forms.gle, which email systems recognise as trustworthy.
And it’s not just the delivery method that’s clever, the language used in these emails is designed to create urgency. Victims are told the transaction will “expire,” pushing them to act quickly without thinking critically. It’s a psychological tactic commonly used in phishing but now reinforced with the trust many have in Google.
Reports indicate that this form-based scam has surged by over 60% since last year, and with the rising adoption of digital currencies globally, the trend shows no sign of slowing.
For users, the advice is not to click on unexpected links, no matter how authentic the source looks. Never send crypto payments or personal details in response to unsolicited messages. And most importantly, confirm any financial communication via official platforms or apps, not through email links.
In addition to basic digital hygiene, users are urged to educate family and friends, especially those new to crypto, about emerging scams. Setting up email filters to catch keywords such as “Create your own Google Form” might help, but it’s not foolproof, especially since legitimate services also use the same infrastructure.
