Scammers pose danger by imitating Google Calendar

Cyber ​​fraudsters impersonating Google Calendar for phishing detected

It has been observed that cyber crooks are imitating Google Calendar by sending emails aimed at stealing users’ private and business information.

A report from Check Point Security describes how scammers manipulate the sender email header and email content to make it look like a Google Calendar invite from a known contact. In the body itself, they add an .ics suffix, a calendar app file, and a link to Google Forms or Google Drawings. In these links, users are then asked to click on another link that often resembles a reCAPTCHA or support button. This link directs the victim to a website that resembles a cryptocurrency mining or Bitcoin support site.

It’s hard to distinguish fake emails from real ones

“These pages are actually designed to commit financial fraud,” Check Point Research said in its report. “When users reach that page, they are asked to complete a fake identity verification process, enter their personal information, and finally fill in their payment details.

The campaign appears to have been designed successfully. Check Point claims that 300 brands have been affected by the fraudulent activity so far and more than 4,000 phishing emails have been sent over the course of 4 weeks.

Evaluating the findings, Google said that the best method of defense is to enable “known senders” in Calendar. This feature is helpful as it will alert the user when they receive an invitation from someone who is not in their contact list or from someone they have not interacted with before.

Leaving “known senders” aside, users should use common sense and be careful when receiving unsolicited messages, especially those with attachments or links. If they are unsure whether the message is genuine or not, they should reach out to the sender named in the email through different channels and confirm the authenticity of the message received.