Phishers use fake Google Calendar invites to target victims

A financially motivated phishing campaign has targeted around 300 organizations, with over 4,000 spoofed emails sent within four weeks, according to researchers at Check Point.

The attackers manipulate sender email headers to make the messages appear as legitimate Google Calendar invites from known contacts. With over 500 million Google Calendar users, the tactic is highly effective in luring victims.

Typically, these phishing emails include a [.ics] calendar file containing a link to Google Forms or Google Drawings. Clicking the link redirects users to another, often disguised as a reCAPTCHA or support button. However, this link leads to fake cryptocurrency or Bitcoin support pages designed to carry out financial scams.

Once on these fraudulent pages, victims are asked to provide personal information, complete a fake authentication process, and submit payment details, enabling the scammers to steal sensitive data.

Google’s Recommendations:
Google advises users to enable the “known senders” setting in Google Calendar, which alerts users when an invitation comes from someone outside their contact list or with no prior email interaction.

What You Should Do:

• Be cautious of invites with unexpected or unusual requests, such as completing CAPTCHA puzzles.
• Hover over links to verify their destination and manually type URLs into the browser.
• Enable two-factor authentication for all accounts, especially those containing sensitive information.

The FBI reported 298,878 phishing-related complaints in 2023 alone, resulting in $18.7 million in losses. Social engineering attacks like these are easy for cybercriminals to execute and yield significant financial returns.

While Google Calendar is currently being used as bait, attackers continuously evolve their tactics. Stay vigilant, think before you click, and don’t fall for the lure.

Start Learning Ethical Hacking