Wednesday, December 18, 2024
HomeCyber Security NewsCybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Published on

SIEM as a Service

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations.

Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts.

Google Calendar: A Trusted Tool Turned Target

Google Calendar, a widely used scheduling tool with over 500 million users globally, has become an attractive target for malicious actors.

- Advertisement - SIEM as a Service

According to cybersecurity researchers at Check Point, attackers are utilizing Google Calendar’s features and modifying “sender” headers to make phishing emails appear as if they originate directly from Google.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

These emails often impersonate well-known individuals or brands, adding credibility to their deception.

Initial phishing attack email example
Initial phishing attack email example

In a recent campaign, over 4,000 phishing emails, affecting nearly 300 brands were observed in just four weeks.

Initially, the attackers used links leading to Google Forms, but as security systems began detecting these attempts, the campaign shifted focus to Google Drawings.

Google Calendar set-up
Google Calendar set-up

How These Attacks Work

The phishing campaigns typically begin with a calendar invite containing a phishing link disguised as a legitimate Google feature. Here’s how the attack unfolds:

  • Step 1: Victims receive a calendar invite or email containing a malicious link embedded in an .ics file or Google Drawings page.
  • Step 2: The link redirects to a fraudulent page mimicking cryptocurrency support or other legitimate services.
  • Step 3: Users are asked to complete fake authentication processes or provide sensitive information, such as login credentials or payment details.
  • Step 4: Cybercriminals exploit the stolen data for financial fraud, unauthorized transactions, or further attacks on other accounts.

Impact and Consequences

These phishing campaigns not only result in financial losses but also compromise personal and corporate data, causing stress and long-term repercussions.

Victims may face unauthorized transactions, identity theft, and security breaches on other linked accounts.

How to Protect Against These Scams

For Organizations

  • Advanced Email Security Solutions: Utilize tools like Harmony Email & Collaboration to detect and block sophisticated phishing attempts. These solutions offer attachment scanning, URL reputation checks, and AI-driven anomaly detection.
  • Monitor Third-Party App Activity: Use cybersecurity tools to track and block suspicious activities on third-party apps like Google Calendar and Drawings.
  • Implement Multi-Factor Authentication (MFA): Strengthen account security by deploying MFA and behavior analytics to detect unusual logins or activities.

For Individuals

  • Examine Invitations Carefully: Avoid engaging with invites containing unexpected information or unfamiliar requests (e.g., CAPTCHA).
  • Verify Links Safely: Hover over links to inspect their authenticity, and access websites directly through your browser rather than clicking.
  • Enable Two-Factor Authentication (2FA): Secure your Google account and other sensitive platforms with 2FA to prevent unauthorized access.

A Google spokesperson recommends enabling the “known senders” setting in Google Calendar, which alerts users to invitations from unknown contacts. This simple feature can help users stay vigilant against these phishing threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...

Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks

 A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has...

Careto – A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal Files

Recent research has linked a series of cyberattacks to The Mask group, as one...

RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families

RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...

Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks

 A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has...

Careto – A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal Files

Recent research has linked a series of cyberattacks to The Mask group, as one...