Cybercriminals are exploiting a vulnerability in email security measures by using Google Calendar and Drawings to send fake invites containing malicious links. According to new research from Check Point, these phishing attacks can bypass previously effective security policies that flagged suspicious calendar invites.
The attackers modify the “sender” headers of emails to make them appear as though they were sent via Google Calendar on behalf of a known individual. This makes the emails look legitimate and increases the chances of users clicking on the malicious link. The link then redirects users to a fake reCAPTCHA or support button, which appears to be part of a cryptocurrency mining process.
Once users provide sensitive information, it is used to perpetuate financial scams such as credit card fraud and unauthorized transactions. Check Point advises organizations to implement advanced email security platforms that can block sophisticated phishing attempts, monitor third-party app activity for suspicious behavior, switch on Multi-Factor Authentication (MFA), and deploy behavior analytics tools to detect unusual login attempts.
Google has also recommended a solution, enabling the “known senders” setting in Google Calendar to alert users when they receive an invitation from someone not in their contact list. By taking these precautions, organizations can protect their users from this type of phishing attack.
Source: https://www.infosecurity-magazine.com/news/cybercriminals-exploit-google