According to the latest research from Check Point, shared with Hackread.com, a widely used scheduling tool called Google Calendar has become the newest target for cybercriminals.
For your information, Google Calendar is part of Google Workspace (formerly known as G Suite). It is a popular tool for organizing schedules and managing time used by over 500 million people in 41 languages.
According to CPR’s research, attackers are manipulating Google Calendar and its associated features, like Google Drawings, to launch phishing attacks by sending seemingly legitimate emails with links that bypass traditional email security measures. These links appear to connect to Google Forms or Google Drawings, further enhancing the attack’s credibility.
Initially, they exploited the user-friendly features inherent in Google Calendar, offering links connecting to Google Forms. However, after observing that security products could flag malicious Calendar invites, they evolved the attack to align with Google Drawings capabilities.
“Cyber criminals are modifying “sender” headers, making emails look as though they were sent via Google Calendar on behalf of a known and legitimate individual. Roughly 300 brands have been affected by this campaign thus far, with cyber researchers observing over 4,000 of these phishing emails in a four-week period,” revealed Check Point’s blog post.
The attackers leverage the trust and familiarity associated with Google Calendar to lure victims into clicking malicious links. They create a seemingly legitimate calendar invite, often from a known contact or a familiar organization. This initial invite may contain a link to a Google Form Google Drawing or ICS file attachment, which appears to be a simple request for information or a survey, often displaying a CAPTCHA or support button.
However, once the victim clicks on the link, they are redirected to a malicious website designed to steal personal information or corporate data through a fake authentication process, potentially leading to financial scams. This website might mimic a legitimate login page, a cryptocurrency exchange, or a tech support page.
The goal is to trick the victim into entering sensitive information like passwords, credit card details, or personal identification numbers. Stolen information can be used for credit card fraud or unauthorized transactions, posing significant risks to both parties.
It is worth noting that the attackers often use social engineering tactics to increase the credibility of the attack. They might create a sense of urgency, fear, or curiosity to entice victims to click on the malicious link. They may also impersonate trusted individuals or organizations to gain the victim’s trust.
To stay protected from phishing threats, organizations should implement advanced email security solutions, monitor third-party Google App usage, implement strong authentication mechanisms, and use behavior analytics tools to detect unusual login attempts or suspicious activities to ensure a secure and secure online environment for all users.
Joseph Cox, author of the 2024 book “Dark Wire: The Incredible True Story of the… Read More
Dec 19, 2024Ravie LakshmananMalware / Botnet Juniper Networks is warning that Session Smart Router (SSR)… Read More
Dec 19, 2024Ravie LakshmananMalware / Botnet Juniper Networks is warning that Session Smart Router (SSR)… Read More
The Crown Commercial Service’s (CCS) decision to increase its cloud hosting spend with Amazon Web… Read More
A newly disclosed security vulnerability, tracked under CVE-2024-12569, has been identified in Hikvision camera drivers… Read More
TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing… Read More