New research from a cybersecurity solutions provider revealed that hackers and threat actors are now exploiting Google Calendar and Drawings to bypass traditional email security measures.
These cybercriminals send seemingly legitimate invitations that contain harmful links, making detection increasingly difficult.
Many of these emails appear to originate directly from Google Calendar, with calendar files (.ics) linking to Google Forms or Drawings.
To enhance their deception, attackers modify the “sender” headers, creating the illusion that the emails come from trusted individuals.
The primary goal of this strategy is to steal sensitive corporate and personal information.
When targets click on the link within the calendar file, they are often directed to another disguised link, masquerading as a reCAPTCHA or support button.
This leads victims to pages that mimic cryptocurrency mining sites or bitcoin support platforms, designed to execute financial scams.
Once on these fraudulent pages, users are tricked into providing personal and payment information through a fake authentication process.
The stolen data can then be used for credit card fraud and unauthorized transactions across multiple accounts.
In response, Google recommends enabling the ‘known senders’ setting in Google Calendar to enhance security against such phishing attempts.
Organizations are also urged to implement advanced email security solutions and Multi-Factor Authentication (MFA) to protect against evolving threats.
