Threat actors are known to abuse TypeForm to create convincing login forms used as part of their phishing scams. A new report by email security firm ArmorBlox outlines one such phishing scam that aims to take advantage of the 2021 tax season by pretending to be a W-2 tax document shared via Microsoft OneDrive. Other phishing campaigns have used Google Forms and Canva to steal login credentials from users. To prevent falling for these types of scams, it is always important to take a minute to scrutinize unexpected emails, especially those containing links to shared documents.
Source: https://www.bleepingcomputer.com/news/security/watch-out-for-this-w-2-phishing-scam-targeting-the-2021-tax-season/