Watch out - that Google Calendar meeting invite could be dangerous malware

News
By published

Crooks are spoofing Google Calendar to send phishing emails

Google Calendar
(Image credit: Google)
  • Check Point spots hackers sending fake Google Calendar invites
  • The invites point to a phishing page where they can lose sensitive information
  • Google recommends turning on "Known senders" feature in Calendar

Cybercriminals have been spotted impersonating Google Calendar, sending emails which look to steal victim's private, and business, information.

A report from Check Point Security notes how the criminals would tweak the sender email header to make the message look as if it’s a Google Calendar invite coming from a known contact. In the body itself, they would add a .ics attachment, a calendar app file, together with a link to either Google Forms, or Google Drawings. On these links, the victims would then be asked to click on another link, which usually looks like a reCAPTCHA, or support, button.

This link would lead the victim to a website that looks like a cryptocurrency mining, or Bitcoin support site.

Successful attack

"These pages are actually intended to perpetrate financial scams," Check Point Research said in its report. "Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details."

The campaign seems to have been a success, with Check Point claiming roughly 300 brands have been infected so far, and more than 4,000 phishing emails sent over the course of four weeks.

Commenting on the findings, Google said the best way to defend is to enable “known senders” in the Calendar. This feature helps, since it will alert the user when they get an invitation from someone who is not in their contacts list, or from someone with whom they’ve not interacted before.

“Known senders” aside, users should also use common sense, and just be careful when receiving any unsolicited message, particularly around those that come with attachments or links. If they are unsure if the message is legitimate or not, they should reach out to the alleged sender via other means, and confirm the authenticity of the received message.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD