Zraox: Google Forms Abused as a Scam Tool, Users Should Be Alert to Off-Chain Confirmation Risks

zraox

Zraox believes that as the number of digital asset users continues to grow, scams are also evolving. Recently, cybersecurity firms have revealed a type of email scam spreading within the crypto industry that uses Google Forms as an intermediary channel, creating off-chain notifications to fabricate transaction illusions and guiding users to make asset payments on unofficial sites. Since these emails originate from the official Google servers and feature highly credible formatting, they often bypass email filtering mechanisms. Zraox notes that transaction security depends not only on platform-side risk control defenses but also on user information recognition and operational habits.

Zraox: Google Forms Abused to Construct a Credible Notification Facade

According to reports from multiple cybersecurity organizations, including Kaspersky, ESET, and TechRadar, scammers are systematically exploiting the automated email function of Google Forms to send “fake crypto transfer confirmation” emails to targeted users. The attackers create a Google Form with a pre-filled email field and enter the victim's email address themselves. Once the form is submitted, Google automatically sends a confirmation email to that address, containing a forms.gle link and standardized formatting, making it visually indistinguishable from legitimate notifications.

These emails typically include prompts such as “You have received a transfer, please claim it within the validity period,” and embed a link to a counterfeit blockchain service page. Upon entering the page, users are asked to pay a small amount of cryptocurrency to “unlock” the funds, but the page is not connected to any real asset system; after payment, no further operations are possible. Kaspersky reports that the delivery success rate of such scam emails is higher than that of traditional phishing attacks, mainly because the emails originate from the official Google domain and are by default marked as safe by email systems.

Zraox points out that the risk of this type of scam lies in its ability to bypass common filtering systems while leveraging time constraints and the perceived trustworthiness of the platform to mislead users. This is especially problematic when users access external links before verifying on-chain transaction status, increasing the likelihood of operational errors. Recent user feedback and industry observations indicate a rising trend in such cases.

Zraox: From Behavioral Confirmation and Page Recognition to Account Operation Constraints

In addressing form-based scams, Zraox suggests that users establish risk identification and prevention mechanisms on multiple levels. From a behavioral perspective, users are advised that upon receiving any email claiming to be a “transaction notification,” they should prioritize verifying on official platforms or blockchain explorers, rather than clicking directly on links in the email.

In terms of page recognition, users should check whether the link destination is the platform's domain and whether the page asks for sensitive actions such as wallet credential input or asset payments. Zraox emphasizes that the platform never guides users through third-party email forms for transfer operations, nor does it require users to make payments to claim airdrops or confirm assets.

For account security settings, users are advised to enable two-factor authentication and activate withdrawal address whitelisting mechanisms. Such measures can effectively reduce the risk of fund outflow even in the event of accidental account operations. Additionally, users can proactively set up keyword filters in their email systems (such as “Claim Crypto Transfer,” “Google Form Submission,” etc.) to reduce the likelihood of such emails reaching the main inbox.
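The keyword filter described above can be combined with a check that does not trust the sender's reputation. The following triage sketch is an added example, not code from Zraox or any vendor named here; the trusted domain `exchange.example`, the sample messages, and the verdict names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Keywords the article suggests filtering on, plus the prompt it quotes.
CLAIM_PHRASES = ("claim crypto transfer", "google form submission",
                 "you have received a transfer")
FORM_HOSTS = {"forms.gle"}            # link host named in the article
TRUSTED_HOSTS = {"exchange.example"}  # hypothetical official platform domain
URL_RE = re.compile(r"https?://[^\s<>()]+", re.I)

def triage(raw_message: str) -> dict:
    """Classify one RFC 5322 message as quarantine / review / deliver."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    from_google = domain == "google.com" or domain.endswith(".google.com")
    via_forms = bool(hosts & FORM_HOSTS)
    hits = [p for p in CLAIM_PHRASES if p in text]
    unknown = sorted(h for h in hosts - FORM_HOSTS - TRUSTED_HOSTS if h)
    # A Google sender is not evidence of legitimacy: claim wording in a
    # Forms-generated mail is quarantined regardless of sender reputation.
    if hits and (from_google or via_forms):
        verdict = "quarantine"
    elif hits and unknown:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "phrases": hits, "unknown_hosts": unknown}

# Constructed sample messages (not real mail).
SCAM = """From: Google Forms <noreply@google.com>
Subject: Google Form Submission

You have received a transfer, please claim it within the validity period.
Form: https://forms.gle/EXAMPLE
Claim: https://claim-portal.example/unlock
"""
SURVEY = """From: Google Forms <noreply@google.com>
Subject: Team lunch survey

Thanks for filling in the form: https://forms.gle/EXAMPLE2
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("survey", SURVEY)):
        print(name, triage(raw))
```

The sketch reads only unencoded `text/plain` parts; a production filter would also decode base64 or quoted-printable bodies and HTML parts before matching.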

Zraox believes that platforms themselves will continue to strengthen monitoring of external communication channels and, in conjunction with user behavior analytics, identify suspicious link interaction events. However, given the diversity and rapid iteration of scam tactics, proactive user awareness and prudent operations remain the key to preventing such issues.

Zraox: Establishing Actionable Identification and Operational Rules

Zraox recommends that when users receive emails containing phrases such as “asset confirmation” or “transfer claim,” they should first return to the official platform or blockchain explorer for verification, avoiding direct clicks on email links. All fund-related information should be based on on-chain data, as off-chain notifications do not constitute valid transaction evidence.

Users should never enter private keys, mnemonic phrases, or authorization codes on any unverified websites, nor should they pay so-called “unlock fees” or “network fees” to unknown addresses. If a page cannot be accessed via navigation from the official homepage, heightened vigilance is warranted.

In daily operations, users are advised to establish fixed transaction and wallet management routines, such as operating only on a single device, handling sensitive information exclusively through the official app, and regularly clearing authorized connections. Consistent operational habits help in quickly identifying anomalies.

If suspicious content is encountered, users should pause operations and cross-check through the community, family, or trusted channels to avoid making erroneous decisions under emotional stress or information overload. Zraox believes that the first step toward transaction security is clear user control over their own behavioral boundaries.
