Cyber Security News

Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations.

Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts.

Google Calendar: A Trusted Tool Turned Target

Google Calendar, a widely used scheduling tool with over 500 million users globally, has become an attractive target for malicious actors.

According to cybersecurity researchers at Check Point, attackers are utilizing Google Calendar’s features and modifying “sender” headers to make phishing emails appear as if they originate directly from Google.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

These emails often impersonate well-known individuals or brands, adding credibility to their deception.

Initial phishing attack email exampleInitial phishing attack email example
Initial phishing attack email example

In a recent campaign, over 4,000 phishing emails, affecting nearly 300 brands were observed in just four weeks.

Initially, the attackers used links leading to Google Forms, but as security systems began detecting these attempts, the campaign shifted focus to Google Drawings.

Google Calendar set-up

How These Attacks Work

The phishing campaigns typically begin with a calendar invite containing a phishing link disguised as a legitimate Google feature. Here’s how the attack unfolds:

  • Step 1: Victims receive a calendar invite or email containing a malicious link embedded in an .ics file or Google Drawings page.
  • Step 2: The link redirects to a fraudulent page mimicking cryptocurrency support or other legitimate services.
  • Step 3: Users are asked to complete fake authentication processes or provide sensitive information, such as login credentials or payment details.
  • Step 4: Cybercriminals exploit the stolen data for financial fraud, unauthorized transactions, or further attacks on other accounts.

Impact and Consequences

These phishing campaigns not only result in financial losses but also compromise personal and corporate data, causing stress and long-term repercussions.

Victims may face unauthorized transactions, identity theft, and security breaches on other linked accounts.

How to Protect Against These Scams

For Organizations

  • Advanced Email Security Solutions: Utilize tools like Harmony Email & Collaboration to detect and block sophisticated phishing attempts. These solutions offer attachment scanning, URL reputation checks, and AI-driven anomaly detection.
  • Monitor Third-Party App Activity: Use cybersecurity tools to track and block suspicious activities on third-party apps like Google Calendar and Drawings.
  • Implement Multi-Factor Authentication (MFA): Strengthen account security by deploying MFA and behavior analytics to detect unusual logins or activities.

For Individuals

  • Examine Invitations Carefully: Avoid engaging with invites containing unexpected information or unfamiliar requests (e.g., CAPTCHA).
  • Verify Links Safely: Hover over links to inspect their authenticity, and access websites directly through your browser rather than clicking.
  • Enable Two-Factor Authentication (2FA): Secure your Google account and other sensitive platforms with 2FA to prevent unauthorized access.

A Google spokesperson recommends enabling the “known senders” setting in Google Calendar, which alerts users to invitations from unknown contacts. This simple feature can help users stay vigilant against these phishing threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats

Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for…

10 minutes ago

Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB

A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused…

2 hours ago

Critical Apache Parquet Vulnerability Allows Remote Code Execution

A severe vulnerability has been identified in the Apache Parquet Java library, specifically within its parquet-avro module.…

3 hours ago

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

A critical security flaw has been discovered in Halo ITSM, an IT support management software widely…

5 hours ago

Australian Pension Funds Hacked: Members Face Financial Losses

Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading to…

5 hours ago

Frida Penetration Testing Toolkit Updated with Advanced Threat Monitoring APIs

In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced powerful…

5 hours ago