When big tech gets careless: Google Forms spam

Posted on by

So lately, I’ve seen a thing in my inbox. Well, I mean, I see a lot of things in my inbox, but this is an annoying thing: 419 scams inside Google Forms invites.

I’m getting a ton of these:

Google forms spam

In spam fighting communities, these are called “419 scams,” from Section 419 of the Nigerian criminal code. Most of them originate from Nigeria, and they’re a form of scam called “advance fee fraud,” where the scammer promises to give you a lot of money if you just pay these fees (bank certification fees, wire transfer fees, blah blah blah whatever) in advance. You pay all the fees and then you get…nothing. That’s it. That’s the whole scam.

I’ve noticed an absolutely enormous uptick in 419 scam emails using Google Forms as well. In fact, I’ve spent the past few weeks collecting examples and figuring out what’s happening, and I think I have a handle on what’s going on.

419 scams are a large, bulk-market business. Maybe 1 person in 10,000 is dumb enough to fall for these scams. (Fun fact, the scammers use the slang term “maga” to refer to the dupes fooled by these scams; in a pidgin of English and Yorùbá often used by these scammers in Nigeria, “maga” means “fool.”) That means a 419 scammer has to send a lot of emails to succeed.

But spam filters, especially Bayesian filters, have become really, really good at detecting 419 scams. In fact, many spam filters actually have “probably 419” as one of their identifiers for spam email.

Enter Google.

Google lets people send emails for free using Gmail. However, Gmail mail gets passed through normal spam filters, which flags the bulk of 419 scams.

However, Google has a service where you can create a Google Form and then invite people to visit your Google Form. And for some reason I don’t understand, outgoing invitations from Google servers for a Google Form don’t pass through Google’s spam filters—don’t ask me why.

Furthermore, the Google Form header or HTML wrapper or something seems to prevent client-side or email-host-side spam filters from identifying the emails as 419 scams, too. Why? ¯_ಠ

For whatever reason, 419 scams that appear within the body of a Google Form invitation fly right past spam filters. As soon as the 419 scammers discovered this, they were all over it like flies on cowshit. At the moment, I’m receiving several of these emails an hour.

It started a few weeks ago and shows no sign of letting up. I’ve emailed Google’s abuse team multiple times about it but so far no reply.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.