Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations.

Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts.

Google Calendar: A Trusted Tool Turned Target

Google Calendar, a widely used scheduling tool with over 500 million users globally, has become an attractive target for malicious actors.

According to cybersecurity researchers at Check Point, attackers are utilizing Google Calendar’s features and modifying “sender” headers to make phishing emails appear as if they originate directly from Google.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

These emails often impersonate well-known individuals or brands, adding credibility to their deception.

In a recent campaign, over 4,000 phishing emails, affecting nearly 300 brands were observed in just four weeks.

Initially, the attackers used links leading to Google Forms, but as security systems began detecting these attempts, the campaign shifted focus to Google Drawings.

How These Attacks Work

The phishing campaigns typically begin with a calendar invite containing a phishing link disguised as a legitimate Google feature. Here’s how the attack unfolds:

• Step 1: Victims receive a calendar invite or email containing a malicious link embedded in an .ics file or Google Drawings page.
• Step 2: The link redirects to a fraudulent page mimicking cryptocurrency support or other legitimate services.
• Step 3: Users are asked to complete fake authentication processes or provide sensitive information, such as login credentials or payment details.
• Step 4: Cybercriminals exploit the stolen data for financial fraud, unauthorized transactions, or further attacks on other accounts.

Impact and Consequences

These phishing campaigns not only result in financial losses but also compromise personal and corporate data, causing stress and long-term repercussions.

Victims may face unauthorized transactions, identity theft, and security breaches on other linked accounts.

How to Protect Against These Scams

For Organizations

• Advanced Email Security Solutions: Utilize tools like Harmony Email & Collaboration to detect and block sophisticated phishing attempts. These solutions offer attachment scanning, URL reputation checks, and AI-driven anomaly detection.
• Monitor Third-Party App Activity: Use cybersecurity tools to track and block suspicious activities on third-party apps like Google Calendar and Drawings.
• Implement Multi-Factor Authentication (MFA): Strengthen account security by deploying MFA and behavior analytics to detect unusual logins or activities.

For Individuals

• Examine Invitations Carefully: Avoid engaging with invites containing unexpected information or unfamiliar requests (e.g., CAPTCHA).
• Verify Links Safely: Hover over links to inspect their authenticity, and access websites directly through your browser rather than clicking.
• Enable Two-Factor Authentication (2FA): Secure your Google account and other sensitive platforms with 2FA to prevent unauthorized access.

A Google spokesperson recommends enabling the “known senders” setting in Google Calendar, which alerts users to invitations from unknown contacts. This simple feature can help users stay vigilant against these phishing threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free