As Google Calendar becomes a staple for over 500 million users across the globe, hackers are now exploiting this platform to launch a dangerous scam, targeting Gmail users. Security researchers from Check Point have issued a warning about a new phishing tactic using Google Calendar invites and Google Drawings to steal personal and financial information.
How the Scam Works
Cybercriminals are sending seemingly legitimate Google Calendar invites. Once users click “accept” on these calendar invitations, they are unknowingly directed to malicious links, such as Google Forms or Google Drawings. From there, users are tricked into completing a fake reCAPTCHA or support button process, which redirects them to fraudulent cryptocurrency or Bitcoin support pages.
Here, they are asked to provide sensitive personal information, including payment details, under the guise of an authentication process. These emails are camouflaged to appear as if they are sent by legitimate individuals or organizations, making it difficult to spot the scam.
Widespread Impact
Check Point has reported that over 4,000 phishing emails have been sent in just four weeks, affecting approximately 300 brands. The issue is compounded by the fact that these malicious links seem to come directly from Google Calendar, making them easy to trust.
Once users fall for these scams and input sensitive information, hackers can use the stolen data for financial fraud, including unauthorized transactions and credit card scams. Additionally, the information could be used to breach other accounts, amplifying the damage.
How to Protect Yourself
While the scam may seem convincing, there is a way to protect yourself. Check Point recommends turning on the “known senders” setting in Google Calendar. This will alert you when you receive an invitation from someone not in your contact list or someone you haven’t previously interacted with.
To enable the setting:
- Open Google Calendar and go to the Settings menu.
- Under “Event Settings,” select “Add invitations to my calendar.”
- Choose the option that only adds events from known senders (people in your contacts, part of your organization, or those you’ve interacted with).
This simple measure can greatly reduce your chances of falling for phishing scams.
Stay Vigilant
As email scams grow more sophisticated, it’s essential to stay vigilant. If anything seems suspicious, even if it comes from what appears to be a trusted source, it’s better to err on the side of caution. By enabling the “known senders” setting and being cautious of unexpected invites, you can help protect your personal and financial data from falling into the wrong hands.
