Explain in detail about the google forms scan.
I got just this typical spam email, but this one seemed odd. It came from Google Forms, which apparently can send emails too, however you have to sign in to Google Forms to use it, and it uses the email you signed in with.
How did this spammer manage to appear to send from the Forms email? This seems like it can be easily used to phish unsuspecting people who trust a Google address. What is especially strange is that this mail came from the google.com domain, which is not something that public users can create mails on, and it is signed by google.com, so as far as i understand it can't be spoofed - so how is this possible?
The spammer in question is abusing a Google Forms feature called Response Receipts. If you create a Google form and turn on response receipts, then whenever anybody fills in and submits the form, a copy of the filled form is sent to the email address they provide in the form. This response receipt is sent from the Google service account forms-receipts-noreply@google.com and since it is sent by Google itself, it is also signed by google.com.
So all the spammer has to do is create a Google form spam with the body of the form containing the content of their spam email. Then they simply submit the form with the victims' email addresses and sit back as Google delivers their spam for them. Note, however, that when I tried replicating this, the response receipt email landed in my spam folder, which means Google does attempt to detect such spam emails. The spammers must have figured out a way to bypass gmail's spam filters for the email to land in your main inbox.