Cybercriminals have recently turned their attention to Google Calendar and Google Drawings to launch sophisticated phishing attacks. Exploiting the trusted and widely used Google tools, attackers are able to manipulate the appearance of emails, making them look as though they originate from trusted sources, including Google itself. This tactic has been particularly effective, as the phishing emails often contain calendar invites or links to malicious Google Drawings documents that lure unsuspecting users into clicking on dangerous links.
The phishing campaigns typically begin with an email containing a Google Calendar invite or a Google Drawings link. Users are encouraged to click on additional links within the invite, which then redirects them to fake websites, often masquerading as cryptocurrency mining platforms or customer support pages. These fraudulent sites prompt victims to enter sensitive personal information, such as login credentials, payment details, or even complete authentication processes, which are then used for financial scams or data theft.
In the past four weeks, researchers have detected over 4,000 phishing emails targeting approximately 300 brands. As email security systems began flagging Calendar invites, cybercriminals adapted their strategies by shifting to Google Drawings to continue bypassing detection. This demonstrates the evolving nature of phishing tactics and highlights the increasing sophistication of cybercriminals, who are now utilizing trusted and legitimate services to deceive users.
To protect against these rising threats, both organizations and individuals are urged to adopt robust cybersecurity practices. For businesses, implementing advanced email security solutions, such as Harmony Email & Collaboration, can help detect and block phishing attempts. Enabling multi-factor authentication and regularly monitoring third-party apps connected to Google accounts are also crucial steps. Individuals should be cautious when receiving unexpected calendar invites, verify links before clicking, and enable Google’s “known senders” feature to identify potential phishing attempts. By staying vigilant and proactive, users can reduce the risk of falling victim to these increasingly prevalent phishing attacks.
Reference:
