Google Calendar is a useful scheduling and time-management tool designed to help individuals and businesses plan their day efficiently. According to Calendly.com, Google Calendar is used by over 500 million users and is available in 41 different languages.
Its popularity and efficiency in everyday work have made Google Calendar a tempting target for cybercriminals. Recently, cybersecurity researchers at Check Point detected the manipulation of dedicated Google tools, specifically Google Calendar and Google Drawings, by malicious actors. Many of the emails look legitimate because they appear to come directly from Google Calendar.
Cybercriminals modify the sender headers, making the emails look as if they were sent through Google Calendar on behalf of a well-known and trusted person. So far, approximately 300 brands have been affected by this campaign, and researchers have observed 2,300 such phishing emails within two weeks.
Threat Overview
As mentioned earlier, these phishing attacks initially took advantage of the user-friendly features of Google Calendar, with links leading to Google Forms.
However, after security products began to detect malicious Calendar invitations, the cybercriminals adapted and evolved their attack, which now takes advantage of the capabilities of Google Drawings.
Motivations of Cybercriminals
At the heart of this campaign is the cybercriminals' attempt to trick users into clicking on malicious links or attachments, allowing the theft of corporate or personal data.
Once a user unknowingly discloses sensitive information, that data is used for financial scams, such as:
- Credit card forgery
- Unauthorized transactions
- Similar illegal activities
Additionally, stolen information can be used to bypass security measures on other accounts, leading to further breaches.
For both organizations and individuals, these types of scams are very stressful and often have long-term, detrimental consequences.
Attack Execution Techniques
Initially, the emails include a link or a calendar file (.ics) with a link to Google Forms or Google Drawings.
Users are then prompted to click on another link, often disguised as a fake reCAPTCHA or support button.
After clicking, the user is redirected to a page that looks like a bitcoin support page or a cryptocurrency mining platform.
In fact, these pages aim to commit financial fraud. Users are asked to complete a fake authentication process, enter personal information and, ultimately, provide payment information.
The following phishing attack started with an invitation via Google Calendar. Some of the emails closely resemble calendar notifications, while others use a custom format:
[Figure: Initial phishing attack email example]
[Figure: Google Calendar set-up]
Blocking the Attack
For organizations that want to protect users from these types of phishing threats, here are some practical suggestions:
● Advanced email security solutions
Solutions like Harmony Email & Collaboration can effectively detect and block even the most sophisticated phishing attempts, even when they exploit trusted platforms such as Google Calendar and Google Drawings.
Top security solutions include attachment scanning, URL reputation checks and anomaly detection using Artificial Intelligence (AI).
● Monitor the use of third-party Google apps
Use cybersecurity tools that can detect and alert on suspicious activity in third-party applications.
● Implement strong authentication mechanisms
One of the most important actions is implementing Multi-Factor Authentication (MFA) for all business accounts.
In addition, use behavioral analysis tools that detect unusual login attempts or suspicious activities, such as browsing cryptocurrency-related websites.
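The attachment scanning and URL checks mentioned above, applied to the .ics invitations this campaign relies on, as an added example (not code from the researchers or from any product): it unfolds the calendar file, extracts links from the event text, and reports those that point to Google Forms or Google Drawings so the invite can be routed for review. The host and path patterns, the list of scanned properties and the sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: host/path shapes for Google Forms and Drawings links; tune to local policy.
WATCHED = {"docs.google.com": ("/forms/", "/drawings/"), "forms.gle": ("/",)}
SCANNED = {"DESCRIPTION", "LOCATION", "URL", "SUMMARY", "ATTACH", "X-ALT-DESC"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def unfold(ics_text):
    """RFC 5545 sec. 3.1: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def unescape(value):
    """Undo TEXT escaping so an escaped newline ends a URL instead of extending it."""
    return re.sub(r"\\([nN,;\\])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def scan_invite(ics_text):
    """Return sorted (property, url) pairs for links to Google Forms or Drawings."""
    findings = set()
    for line in unfold(ics_text):
        m = re.match(r"([A-Za-z0-9-]+)(.*)", line, re.S)
        if not m or m.group(1).upper() not in SCANNED:
            continue
        for url in URL_RE.findall(unescape(m.group(2))):
            url = url.rstrip(".,;)")
            try:
                parts = urlparse(url)
            except ValueError:
                continue
            prefixes = WATCHED.get((parts.hostname or "").lower(), ())
            if any(parts.path.startswith(p) for p in prefixes):
                findings.add((m.group(1).upper(), url))
    return sorted(findings)

# Constructed sample invite: the Drawings link is folded across two lines.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "BEGIN:VEVENT",
    "SUMMARY:Account verification required",
    "DESCRIPTION:Complete the check: https://docs.google.com/draw",
    " ings/d/EXAMPLE-ID/preview\\nHelp: https://example.com/help",
    "LOCATION:https://forms.gle/EXAMPLE",
    "END:VEVENT", "END:VCALENDAR", ""])

if __name__ == "__main__":
    for prop, url in scan_invite(SAMPLE_ICS):
        print(f"review: {prop} links to {url}")
```

A hit here is a reason to review the invite rather than proof of phishing, since legitimate invitations also link to Forms and Drawings; combine it with sender checks before blocking.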
Practical advice for individuals
For those who are worried about such scams in their personal email, here are some suggestions:
● Be careful with fake event invitations
Check whether the invitation contains unexpected information or asks you to perform strange actions (e.g., CAPTCHA). In such cases, avoid any interaction.
● Carefully review incoming content
Think before you click. Hover the mouse over links to see their actual destination, and type the URL into Google to access the website in a more secure way.
● Enable Two-Step Verification (2FA)
For Google accounts and other platforms that contain sensitive data, enable two-factor authentication (2FA). Even if your credentials are compromised, 2FA can prevent attackers from accessing your accounts.
“We recommend that users enable the “known senders” setting on Google Calendar. This particular setting helps to deal with this kind of phishing by notifying the user when they receive an invitation from someone who is not in their contacts or with whom they have no previous interaction through email.”