- Check Point spots hackers sending fake Google Calendar invites
- The invites point to a phishing page where they can lose sensitive information
- Google recommends turning on “Known senders” feature in Calendar
Cybercriminals have been spotted impersonating Google Calendar, sending emails which look to steal victim’s private, and business, information.
A report from Check Point Security notes how the criminals would tweak the sender email header to make the message look as if it’s a Google Calendar invite coming from a known contact. In the body itself, they would add a .ics attachment, a calendar app file, together with a link to either Google Forms, or Google Drawings. On these links, the victims would then be asked to click on another link, which usually looks like a reCAPTCHA, or support, button.
This link would lead the victim to a website that looks like a cryptocurrency mining, or Bitcoin support site.
Successful attack
“These pages are actually intended to perpetrate financial scams,” Check Point Research said in its report. “Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details.”
The campaign seems to have been a success, with Check Point claiming roughly 300 brands have been infected so far, and more than 4,000 phishing emails sent over the course of four weeks.
Commenting on the findings, Google said the best way to defend is to enable “known senders” in the Calendar. This feature helps, since it will alert the user when they get an invitation from someone who is not in their contacts list, or from someone with whom they’ve not interacted before.
“Known senders” aside, users should also use common sense, and just be careful when receiving any unsolicited message, particularly around those that come with attachments or links. If they are unsure if the message is legitimate or not, they should reach out to the alleged sender via other means, and confirm the authenticity of the received message.