Researchers at Check Point Software have identified a rapidly spreading phishing campaign that spoofs Google Calendar invites. Attackers manipulate “sender” headers so that emails appear to come from Google Calendar on behalf of trusted entities, with the aim of deceiving users and stealing their credentials for financial gain.
Initially, the malicious emails contained Google Calendar .ics files that led to phishing attacks. However, once security products started flagging these file types, attackers shifted their tactics to include links to Google Drawings and Google Forms to bypass detection.
This campaign poses a significant threat due to the widespread use of Google Calendar, which boasts over 500 million users across 41 languages, making it a prime target for cybercriminals looking to exploit online accounts for monetary purposes. The stolen data can be leveraged for credit card fraud, unauthorized transactions, and other illicit activities, as well as to breach security measures on other accounts.
Researchers observed over 4,000 emails associated with this campaign within a four-week period, with attackers mentioning approximately 300 different brands in their fraudulent invites to lend an air of legitimacy to their schemes.
The phishing emails appear as typical Google Calendar invites from a known or trusted individual, with some closely resembling authentic notifications to deceive recipients. They include links to Google Forms or Google Drawings to evade email scanning tools. Upon clicking these links, users are directed to fake pages disguised as cryptocurrency mining or Bitcoin support platforms, where they are prompted to divulge personal and financial information.
To combat this threat, Google recommends users enable the “known senders” setting in Google Calendar to receive alerts about invitations from unfamiliar sources. Moreover, deploying advanced email security solutions equipped with attachment scanning, URL reputation checks, and AI-driven anomaly detection can help organizations detect and block phishing attacks more effectively.
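The checks described above can be combined into a simple mail-triage rule. The following is an added example, not code from Check Point or Google: it flags a message that carries a calendar invite, links to Google Forms or Google Drawings, and comes from an address outside a known-senders list. The function name `triage`, the `docs.google.com` path patterns, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy

# Assumption: Forms/Drawings links are matched by their docs.google.com path prefix.
LURE = re.compile(r"https://docs\.google\.com/(?:forms|drawings)/[^\s\"'<>]+", re.I)

def triage(raw, known_senders):
    """Return triage flags for one raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = ""
    if msg["From"] and msg["From"].addresses:
        sender = msg["From"].addresses[0].addr_spec.lower()
    has_invite, links = False, set()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/calendar" or name.endswith(".ics"):
            has_invite = True
        if part.get_content_maintype() == "text":
            # Scan bodies and the invite itself: the link may sit in DESCRIPTION.
            links.update(LURE.findall(part.get_content()))
    unknown = sender not in {s.lower() for s in known_senders}
    return {"invite": has_invite, "lure_links": sorted(links),
            "unknown_sender": unknown,
            "review": has_invite and bool(links) and unknown}

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: Alex Doe <alex@example.org>
Sender: Google Calendar <calendar@example.net>
To: user@example.com
Subject: Invitation: Account review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have been invited: https://docs.google.com/forms/d/e/CONSTRUCTED/viewform

--b1
Content-Type: text/calendar; method=REQUEST; name="invite.ics"

BEGIN:VCALENDAR
BEGIN:VEVENT
DESCRIPTION:https://docs.google.com/drawings/d/CONSTRUCTED/preview
END:VEVENT
END:VCALENDAR
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE, {"colleague@example.com"}))
```

Long lines in real .ics content are folded across several lines, so a production rule would unfold the calendar part before matching URLs.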
Additionally, organizations should monitor third-party Google Apps and use cybersecurity tools that identify suspicious activity on these platforms and alert security teams. Implementing multifactor authentication (MFA) and training employees to recognize sophisticated phishing tactics can further strengthen overall security.
As the phishing campaign continues to evolve and proliferate, it is crucial for individuals and organizations to remain vigilant and proactive in safeguarding against such malicious activities to protect sensitive data and financial assets.