Researchers say 265 different Google Forms used in phishing attacks have been uncovered. The forms masquerade as login pages from more than 25 different companies, brands and government agencies. The attacks are likely sent to victims via email (using social engineering tactics) More than 70 percent of these forms purported to be from AT&T. Google Forms are easy to create and are hosted under the Google domain. The Google domain host gives victims the false sense that they are legitimate and avoids phishing detection tactics.
Source: https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/