Hackers exploit Google Calendar to execute a phishing campaign

January 3, 2025

Threat actors are taking advantage of Google Calendar invites and Google Drawings pages to execute a phishing campaign that seeks to acquire credentials, such as passwords, and bypass spam filters.

The newly discovered malicious campaign has the potential to be a widespread threat. In four weeks, the threat actors have already targeted at least 300 brands and sent phishing emails to more than 4000 accounts.

Moreover, the researchers claimed that the campaign targets various industries, including academic institutions, healthcare services, construction firms, and financial organisations.

The phishing campaign that abuses Google Calendar starts with meeting invites.

According to investigations, the threat actors who abuse Google Calendar initiate their attacks by sending meeting invites that appear harmless, especially if the targeted individuals know some of the other guests in the meeting.

In addition, these invites include a link that redirects the targets to Google Forms or Google Drawings. These landing pages then prompt the unaware users to click another link, often disguised as a reCAPTCHA or help button.

The researchers explained that the attackers avoid spam filters by using Google Calendar services to send the phishing invites, since spam filters could not flag messages from a valid Google account.

The threat actors also utilised the calendar services to make the headers appear entirely genuine and indistinguishable from invitations sent by any regular Google Calendar user. Furthermore, the phishing operators can cancel the Google Calendar event and attach a message for attendees to increase the number of phishing emails sent to the target.

This message may also contain a link, such as a Google Drawings link, to direct targets to phishing pages.

Google Calendar phishing is not a new tactic for threat actors. Google has already released measures allowing users to block these types of invitations. However, if a Google Workspace admin does not adopt these protection protocols, invites will still be automatically added to users’ calendars.

Therefore, the public should be wary of these meeting invitations, especially if they are not expecting any. Avoid clicking links in such invites unless the invite comes from a legitimate source, to avoid falling victim to these phishing operations.
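
The invite pattern described above (a calendar invite whose text links to Google Forms or Google Drawings) can be triaged at a mail gateway or in a mailbox audit. The following Python is an added example, not code from the researchers or Google; the URL shapes it watches for, the `internal_domains` parameter and the sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample invite (not from the campaign); the document ID is a placeholder.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Payroll Team:mailto:sender@example.net\r\n"
    "ATTENDEE;CN=Alice:mailto:alice@corp.example\r\n"
    "SUMMARY:Benefits review\r\n"
    "DESCRIPTION:Please confirm here: https://docs.google.com/drawings/d/EXAMP\r\n"
    " LE_ID/preview\\nThanks\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

URL_RE = re.compile(r"https?://[^\s\\<>\"]+")

def properties(ics):
    """Map property name -> list of values, after undoing RFC 5545 line folding."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # folded lines continue after CRLF + one space/tab
    props = {}
    for line in unfolded.splitlines():
        # Simplification: assumes no ':' inside quoted parameter values.
        name_params, sep, value = line.partition(":")
        if sep:
            props.setdefault(name_params.split(";")[0].upper(), []).append(value)
    return props

def is_watched(url):
    """Assumed URL shapes for Google Forms and Google Drawings pages."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host == "forms.gle":
        return True
    return host == "docs.google.com" and parsed.path.startswith(("/drawings/", "/forms/"))

def triage(ics, internal_domains):
    """Flag invites from an outside organizer whose text links to Forms or Drawings."""
    props = properties(ics)
    organizer = (props.get("ORGANIZER") or [""])[0]
    domain = organizer.rpartition("@")[2].lower()
    text = " ".join(v for key in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL")
                    for v in props.get(key, []))
    links = [u for u in URL_RE.findall(text) if is_watched(u)]
    external = domain not in internal_domains
    return {"organizer_domain": domain, "external": external,
            "links": links, "flag": external and bool(links)}

if __name__ == "__main__":
    print(triage(SAMPLE_ICS, {"corp.example"}))
```

A flag here is a signal for review, not a verdict, since legitimate outside organizers also share Forms links in invites.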
