The Google Forms Editor Invite That Matched the Recipient's Name: Property Tax Survey as Social Engineering Pretext
ID: 90e5397c-8711-5015-a016-d1ffb85e8042
STIX ID: report--90e5397c-8711-5015-a016-d1ffb85e8042
Feed Name: IRONSCALES
A targeted phishing campaign delivered via legitimate Google Forms sharing notifications to a multinational law firm: the message passed SPF/DKIM/DMARC and originated from Google infrastructure, contained editor-level /edit?invite= links that grant access without sign-in, used a sender display name matching the recipient to increase trust, and used a regionally tailored Hebrew property-tax pretext; indicators of compromise and MITRE mappings are provided, and the report rates the incident as high severity.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
