Cybercriminals are using fake Google Calendar invites in a global phishing attack to steal personal information from unsuspecting users.
Cybercriminals are using fake Google Calendar invites in a global phishing attack to steal personal information from unsuspecting users. These fake invites look real, as if they’re coming from trusted sources, but they lead to malicious websites designed to steal your login details. Researchers from Check Point Software recently uncovered this scam, which has already impacted thousands of people.
How the Scam Works?
In this campaign, scammers create emails that look like genuine Google Calendar invitations. At first, they included harmful calendar files (.ics) in these invites. However, when security systems started flagging such files, the attackers changed their approach. They now use links to Google services like Google Forms and Google Drawings, making it harder for email filters to detect the fraud. This new tactic allows phishing emails to bypass many security systems.
Why is Google Calendar Targeted?
Google Calendar’s popularity is one of the reasons it’s a target. With over 500 million users, it’s a platform scammer can exploit widely. Once users click on the malicious links, they’re directed to fake login pages. The information entered here, such as usernames and passwords, can be used to access personal accounts or commit financial fraud. Over just four weeks, researchers observed more than 4,000 phishing emails tied to this campaign, many pretending to be from well-known brands.
How You Can Stay Safe?
Here are some practical tips to protect yourself from this scam:
- Be Cautious with Unknown Invites: If you receive a calendar invite from someone you don’t know, take a moment to verify it. Don’t assume it’s safe.
- Check Email Addresses Carefully: Double-check the sender’s email address to ensure it’s from a legitimate source.
- Avoid Clicking on Suspicious Links: If something looks odd, don’t click the link. Instead, visit the official website by typing its address into your browser.
- Keep Your Software Updated: Make sure your devices and security tools are up to date to help detect and block phishing attempts.
- Educate Yourself and Others: Learn to recognize phishing scams and share this knowledge with colleagues and family members to reduce risk.
By staying aware and following these precautions, you can avoid falling victim to these increasingly deceptive phishing campaigns.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.