Google Calendar, a widely used tool for organizing schedules and managing time, has become a target for cybercriminals due to its popularity and efficiency in everyday tasks. Researchers at Check Point have observed an increase in phishing attacks using Google Calendar and Google Drawings to trick users into divulging sensitive information.
The attackers modify “sender” headers to make the emails appear as though they originated from Google Calendar on behalf of a known individual, with around 300 brands affected by this campaign so far. Over 4,000 phishing emails have been detected in just four weeks.
Cybercriminals aim to fool users into clicking on malicious links or attachments that allow for the theft of corporate or personal information, which can be used for financial scams such as credit card fraud and unauthorized transactions. The stolen information may also bypass security measures on other accounts, leading to further compromise.
To block these attacks, organizations should consider advanced email security solutions with features like attachment scanning, URL reputation checks, and AI-driven anomaly detection. Individuals can take steps by being cautious of fake event invites, examining incoming content carefully, enabling two-factor authentication for sensitive information, and keeping their email security solution up-to-date.
Google recommends users enable the “known senders” setting in Google Calendar to defend against phishing attempts. In 2025, organizations are advised to upgrade their email security solution with expert guidance from Harmony Email & Collaboration.
Source: https://blog.checkpoint.com/securing-user-and-access/google-calendar-notifications-bypassing-email-security-policies