Cyber Security News

Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations.

Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts.

Google Calendar: A Trusted Tool Turned Target

Google Calendar, a widely used scheduling tool with over 500 million users globally, has become an attractive target for malicious actors.

According to cybersecurity researchers at Check Point, attackers are utilizing Google Calendar’s features and modifying “sender” headers to make phishing emails appear as if they originate directly from Google.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

These emails often impersonate well-known individuals or brands, adding credibility to their deception.

Initial phishing attack email example

In a recent campaign, over 4,000 phishing emails, affecting nearly 300 brands were observed in just four weeks.

Initially, the attackers used links leading to Google Forms, but as security systems began detecting these attempts, the campaign shifted focus to Google Drawings.

Google Calendar set-up

How These Attacks Work

The phishing campaigns typically begin with a calendar invite containing a phishing link disguised as a legitimate Google feature. Here’s how the attack unfolds:

  • Step 1: Victims receive a calendar invite or email containing a malicious link embedded in an .ics file or Google Drawings page.
  • Step 2: The link redirects to a fraudulent page mimicking cryptocurrency support or other legitimate services.
  • Step 3: Users are asked to complete fake authentication processes or provide sensitive information, such as login credentials or payment details.
  • Step 4: Cybercriminals exploit the stolen data for financial fraud, unauthorized transactions, or further attacks on other accounts.

Impact and Consequences

These phishing campaigns not only result in financial losses but also compromise personal and corporate data, causing stress and long-term repercussions.

Victims may face unauthorized transactions, identity theft, and security breaches on other linked accounts.

How to Protect Against These Scams

For Organizations

  • Advanced Email Security Solutions: Utilize tools like Harmony Email & Collaboration to detect and block sophisticated phishing attempts. These solutions offer attachment scanning, URL reputation checks, and AI-driven anomaly detection.
  • Monitor Third-Party App Activity: Use cybersecurity tools to track and block suspicious activities on third-party apps like Google Calendar and Drawings.
  • Implement Multi-Factor Authentication (MFA): Strengthen account security by deploying MFA and behavior analytics to detect unusual logins or activities.

For Individuals

  • Examine Invitations Carefully: Avoid engaging with invites containing unexpected information or unfamiliar requests (e.g., CAPTCHA).
  • Verify Links Safely: Hover over links to inspect their authenticity, and access websites directly through your browser rather than clicking.
  • Enable Two-Factor Authentication (2FA): Secure your Google account and other sensitive platforms with 2FA to prevent unauthorized access.

A Google spokesperson recommends enabling the “known senders” setting in Google Calendar, which alerts users to invitations from unknown contacts. This simple feature can help users stay vigilant against these phishing threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

2 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

2 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

8 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago