A new phishing campaign is targeting businesses by exploiting Google Calendar to deliver malicious links and bypass spam filters.
How the Scam Works:
- Calendar Invites: Attackers send malicious meeting invites through Google Calendar.
- Embedded Links: These invites contain links that redirect users to Google Forms or Google Drawings pages.
- Phishing Pages: These pages prompt users to click on another link, often disguised as a reCaptcha or support button.
- Malware Delivery: Clicking this final link leads to the download of malware or redirects users to phishing websites.
Bypassing Spam Filters:
The attackers leverage the legitimacy of Google Calendar to bypass spam filters. Emails sent through Google Calendar services appear legitimate, with authentic headers that pass security checks like DKIM, SPF, and DMARC.
Escalating the Attack:
Attackers can further increase the reach of their campaign by canceling the initial Google Calendar event. This triggers a notification to all attendees, including a message containing another malicious link.
Recommendations:
- Be Wary of Unexpected Invites: Exercise caution with unexpected Google Calendar meeting invites, especially those from unknown or suspicious senders.
- Verify Links: Never click on links within calendar invites unless you are certain of the sender’s legitimacy.
- Enable Google Workspace Protections: Administrators should enable Google Workspace protections to block unwanted calendar invites.
This phishing campaign highlights the importance of maintaining vigilance and practicing safe online behaviour, even when interacting with trusted platforms like Google Calendar.