Google Calendar

Google Calendar exploited to bypass email security: Check Point

Spread the love

Mumbai: Google’s scheduling and time management service tool Google Calendar, has become the latest target for cybercriminals, according to the cybersecurity firm Check Point.

Check Point researchers recently identified a phishing campaign exploiting Google Calendar and Google Drawings. Cybercriminals manipulate “sender” headers to make emails appear legitimate, originating from Google Calendar on behalf of known individuals. This campaign has already impacted 300 brands, with 2,300 phishing emails observed in just two weeks.

According to Calendly.com, Google Calendar has over 500 million users across 41 languages which makes it very popular among users and that popularity has inadvertently attracted malicious actors.
 
Threat Overview:
According to Check Point researchers, attackers initially used Google Calendar invites linking to Google Forms. However, as security products began flagging these, they shifted tactics to leverage Google Drawings. These phishing attempts lure victims into revealing sensitive data, which can be misused for financial scams, unauthorised transactions, and bypassing security on other accounts.

Execution Techniques:
Phishing emails often include a calendar file (.ics) or links to fake support pages. The researchers explained that users are tricked into completing authentication steps, entering personal information, and providing payment details on fraudulent landing pages.
 
Recommendations to Block Attacks:

For organisations:

  • Use advanced email security solutions like Harmony Email & Collaboration for URL reputation checks, attachment scanning, and AI anomaly detection.
  • Monitor third-party Google Apps usage and implement Multi-Factor Authentication (MFA).

For individuals:

  • Be cautious of unexpected invites and hover over links before clicking.
  • Enable two-factor authentication (2FA) on all accounts.

Google has advised users to activate the “known senders” setting in its tool, alerting them to invitations from unfamiliar contacts.

“We recommend users enable the “known senders”setting in Google Calendar. This setting helps defend against this type of phishing by alertingthe user when they receive an invitation from someone not in their contact list and/or they havenot interacted with from their email address in the past,” Google stated.