
Cybercriminals Exploit Google Calendar and Drawings for Phishing Scams | Image Source: www.infosecurity-magazine.com
NEW YORK, 18 December 2024 – Cybercriminals use Google Calendar and Drawing to launch sophisticated phishing attacks, overcoming traditional email security systems, according to Check Point’s recent research, reported by InfoSecurity Magazine. These methods benefit from the inherent trust in Google’s services, to deceive users to provide confidential information, including payment details.
How cyber criminals exploit Google services
The study highlights a significant change in phishing tactics. Initially, malicious actors exploited Google Calendar invitations, sending emails with attached calendar files (.ics) that included links to fraudulent Google Forms or Drawings pages. Security systems have begun to detect these invitations as malicious. However, the adapted attackers using Google Drawings to create more sophisticated lures that can escape detection.
To make their emails legitimate, attackers modify the “sign” headers by ensuring that the communication seems to come from Google Calendar. These e-mails often appear to be sent on behalf of well-known and reliable people, which increases the likelihood that victims click on integrated links. Once engaged, users are directed to false landing pages that mimic cryptocurrency support or mining sites, according to Check Point.
The anatomy of the phishing attack
By clicking on the links, victims find a secondary page disguised as a misleading visual, as false forms of reCAPTCHA. Users are asked to own their identity and provide personal information, including payment details. According to Check Point, this process ultimately allows cyber criminals to collect sensitive data, which can be used for various fraudulent activities, such as credit card fraud or unauthorized transactions.
The research also revealed that stolen information is often used to circumvent security mechanisms in other accounts, applying the damage caused by the initial breach. Financial scams and identity theft are the main objectives of these attacks, which pose a serious risk to individuals and organizations.
Google Recommendations for Risk Mitigation
In response to these findings, Google recommended allowing the configuration of “known transmitters” in Google Calendar. This feature warns users when they receive invitations from unknown or unverified transmitters, providing an additional layer of security. A Google spokesperson said, “We recommend that users activate the configuration of the ‘recognized shipping’ on Google Calendar. This configuration helps to defend against this type of phishing by alerting the user when he receives an invitation from someone who is not on his contact list and/or has not interacted with his email address in the past. ”
Google also highlighted the importance of user monitoring and the role of multi-layered security protocols in reducing these risks.
Proactive measures for organizations
To combat these evolving threats, Check Point and other experts described several strategies for organizations. Advanced security platforms are essential to block sophisticated phishing attempts. Monitoring Google third-party applications for suspicious activities can further improve organizational defense mechanisms.
The activation of Multifactor Authentication (MFA) in commercial accounts is another essential guarantee, as it reduces the risk of unauthorized access. In addition, the deployment of behavioural analysis tools to detect unusual attempts at connection or suspicious navigation, particularly for cryptomoneda-related websites, may provide early warning of possible engagements.
More general impacts of the threat
The operation of Google services reflects a wider trend in cybercrime, where attackers are constantly adapted to security systems. By targeting platforms with a high level of user confidence, such as Google Calendar, malicious actors amplify their chances of success. These incidents underscore the importance of ongoing research, strong cyber security measures and user awareness to mitigate the effects of these attacks.
As cybercriminals perfect their techniques, businesses and people need to be vigilant, taking proactive steps to protect their digital environment. The use of reliable tools such as the MFA, as well as behavioural analysis, is an essential step in effectively addressing these threats.
While the details of these attacks highlight the ingenuity of cyber criminals, they also recall the need to continue investing in security and training technologies to continue to overcome the evolving threat.