Phishing Scam Exploits Google Calendar to Bypass Security Filters

A Bleeping Computer article highlights a recent phishing scam that abuses Google Calendar and Google Drawings to steal credentials while bypassing email spam filters. Check Point, which has tracked the attack, reports over 4,000 phishing emails targeting 300 brands in just four weeks. Victims span diverse sectors, including education, healthcare, construction, and finance.

The attack leverages Google Calendar to send legitimate-looking meeting invites. These invites often appear innocuous and may include familiar names among the attendees. Embedded links direct recipients to Google Forms or Google Drawings, where they are prompted to click disguised phishing links, such as reCaptcha or support buttons.

According to the article, this technique exploits the trustworthiness of Google services, allowing phishing emails to bypass spam filters by passing DKIM, SPF, and DMARC checks. Additionally, attackers can cancel events and send follow-up messages with further phishing links, doubling their reach.

Google Calendar phishing is not new. While Google has introduced protections, these must be enabled by Google Workspace administrators. Without these settings, phishing invites can still automatically populate user calendars.

The article advises heightened vigilance: scrutinize all meeting invites and avoid clicking on embedded links unless you can verify their legitimacy. Organizations should proactively enable Google Workspace protections to mitigate these threats.

This campaign underscores the persistent evolution of phishing scam tactics and highlights the need for user awareness and robust email security measures.