Hackers Exploit Google Calendar And Gmail In Phishing Attacks
A new report shared by Check Point researchers revealed that malicious actors have been exploiting Google tools like Google Calendar and Google Drawings to send phishing emails.
In a Rush? Here are the Quick Facts!
- Check Point shared a study revealing a recent trend where cybercriminals exploit Google Calendar for phishing
- Malicious actors send imitations of Google Calendar invitations to Gmail users and redirect them to malicious links to steal their data
- The data gathered in the study shows that more than 300 businesses have been attacked and over 4,000 phishing emails have been sent in the past four weeks
The document states that cybercriminals have been altering the traditional email structure sent by Google Calendar to make it look authentic by changing the “sender” header.
According to the data gathered by the cybersecurity company, over 300 businesses have been impacted by this phishing method and over 4,000 emails with malicious content have been spotted in the past four weeks.
Even if the number isn’t large in proportion, considering that over 500 million people use Google Calendar, according to data from Calendly, the researchers consider it an important trend.
Hackers’ goal is to make victims click on malicious links and steal personal or corporate information. In these attacks, criminals try to get sensitive data by redirecting to a Google Form or Google Drawings and then to the malicious link.
“Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details,” wrote the researchers, explaining how the hackers got the information for financial scams.
Multiple techniques are used, but the trend suggests a strong familiarity with Google Calendar’s formats. “Some of the emails do really look like calendar notifications, while others use a custom format,” explained Check Point.
The experts recommend that organizations and users rely on advanced email security solutions, monitor third-party apps with access to Google accounts, and use Multi-Factor Authentication (MFA), especially in business platforms.
“We recommend users enable the ‘known senders’ setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past,” said Google when contacted by Check Point.
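For mail teams, a triage sketch of the pattern described above: a calendar invitation from a sender outside the recipient's known contacts that links to a Google Forms or Google Drawings page. This is an added example, not code from Check Point or Google; the `triage` function, the `known_senders` set, the verdict names and the URL pattern are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: docs.google.com/forms and /drawings stand for the intermediate hop.
HOP = re.compile(r"https?://docs\.google\.com/(?:forms|drawings)/[^\s\"'<>]+", re.I)

# Constructed sample message (not taken from the Check Point report).
SAMPLE = """\
From: "Alex Example" <alex@unknown.example>
Subject: Invitation: Q4 review
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Details: https://docs.google.com/forms/d/e/CONSTRUCTED/viewform
--b1
Content-Type: text/calendar; charset="utf-8"; method=REQUEST

BEGIN:VCALENDAR
BEGIN:VEVENT
DESCRIPTION:Open https://docs.google.com/drawi
 ngs/d/CONSTRUCTED/edit
END:VEVENT
END:VCALENDAR
--b1--
"""

def triage(raw, known_senders):
    """Return sender, invite flag, hop links and a verdict for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    invite, links = False, []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        if part.get_content_type() == "text/calendar":
            invite = True
            body = re.sub(r"\r?\n[ \t]", "", body)  # undo iCalendar line folding
        links += HOP.findall(body)
    known = sender in {s.lower() for s in known_senders}
    if invite and links and not known:
        verdict = "quarantine"
    else:
        verdict = "review" if invite and (links or not known) else "pass"
    return {"sender": sender, "invite": invite, "links": links, "verdict": verdict}
```

The unfolding step matters because iCalendar wraps long lines, so a link inside an invite's description can be split across two lines and missed by a plain URL search.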