Alert: Sophisticated Google Calendar Scam Steals Credentials from Major Organizations

Google Calendar Phishing Scam Targets Major Organizations

A sophisticated phishing campaign exploiting Google Calendar and Google Drawings has been identified by Check Point researchers. The operation has targeted 300 brands, sending over 4,000 phishing emails within a four-week period, affecting various sectors including education, healthcare, construction, and banking.

The Attack Method:
– Threat actors send seemingly legitimate Google Calendar meeting invites
– Invites contain malicious links directing to Google Forms or Drawings
– Secondary links disguised as reCAPTCHA or support buttons lead to phishing pages

Security Bypass:
The campaign successfully evades standard security measures by:
– Utilizing legitimate Google services
– Passing DKIM, SPF, and DMARC email security checks
– Appearing as authentic Google Calendar communications

Attack Amplification:
Attackers maximize their reach by:
– Sending initial calendar invites
– Following up with event cancellation messages containing additional malicious links
– Using Google Drawings as a secondary attack vector
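
One way to triage the invite and cancellation messages described above (an added example, not code from the Check Point research): because these messages pass DKIM, SPF, and DMARC, the check reads the iCalendar attachment itself and flags events from outside organizers whose text links to Google Forms or Drawings. The trusted domain, the URL prefixes, and the sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions: Forms/Drawings URL prefixes and the organisation's own mail domain.
SUSPECT = {"docs.google.com": ("/forms/", "/drawings/"), "forms.gle": ("/",)}
TRUSTED_DOMAINS = {"corp.example"}
URL_RE = re.compile(r"https?://[^\s<>\"'\\]+")

def parse_event(ics):
    """Return (method, organizer address, URLs) from raw iCalendar text."""
    method, organizer, urls = None, "", []
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # undo RFC 5545 line folding
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        prop = name.split(";")[0].upper()
        if prop == "METHOD":
            method = value.strip().upper()
        elif prop == "ORGANIZER":
            organizer = re.sub(r"(?i)^mailto:", "", value.strip())
        elif prop in ("DESCRIPTION", "LOCATION", "URL"):
            urls += URL_RE.findall(value)
    return method, organizer, urls

def triage(ics):
    """Flag invites or cancellations from outside senders that link to Forms/Drawings."""
    method, organizer, urls = parse_event(ics)
    domain = organizer.rsplit("@", 1)[-1].lower()
    hits = []
    for u in urls:
        p = urlparse(u)
        prefixes = SUSPECT.get((p.hostname or "").lower())
        if prefixes and p.path.startswith(prefixes):
            hits.append(u)
    return {"method": method, "organizer_domain": domain, "suspect_links": hits,
            "flag": domain not in TRUSTED_DOMAINS and bool(hits)}

def make_ics(method, organizer, description_lines):
    """Build a constructed sample; extra description lines are folded continuations."""
    body = ["BEGIN:VCALENDAR", f"METHOD:{method}", "BEGIN:VEVENT",
            f"ORGANIZER;CN=Support:mailto:{organizer}",
            "DESCRIPTION:" + "\r\n ".join(description_lines), "END:VEVENT", "END:VCALENDAR"]
    return "\r\n".join(body)

# Constructed samples (not real campaign data).
INVITE = make_ics("REQUEST", "sender@outside.example",
                  ["Verify account\\nhttps://docs.google.com/forms/d/e/CONSTR", "UCTED/viewform"])
CANCEL = make_ics("CANCEL", "sender@outside.example", ["Cancelled. https://docs.google.com/drawings/d/CONSTRUCTED/edit"])
INTERNAL = make_ics("REQUEST", "alice@corp.example", ["Survey: https://docs.google.com/forms/d/e/CONSTRUCTED/viewform"])
```

A flagged event is a candidate for review, not a verdict: legitimate partners also send Forms links, so the result is best used to quarantine or banner the message.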

While Google has implemented protective measures against calendar-based phishing, organizations remain vulnerable if Google Workspace administrators haven’t enabled these security features. Users are advised to exercise caution with unexpected calendar invites and verify sender authenticity before clicking any embedded links.
