Hackers Exploit Google Calendar & Drawings to Bypass Email Security

Google Calendar, with over 500 million active users worldwide and availability in 41 languages, has long been celebrated for its efficiency in organizing schedules and managing time. However, its popularity has also made it a prime target for cybercriminals.

Cybercriminals are leveraging the inherent user-friendly features of Google Calendar and Google Drawings to launch phishing attacks that impersonate legitimate sources.

According to recent findings by cybersecurity researchers at Check Point, malicious actors are manipulating trusted Google tools, including Google Calendar and Google Drawings, to execute sophisticated phishing campaigns.

Researchers observed that attackers modify sender headers, making phishing emails appear as though they originate from Google on behalf of known and trusted individuals.

This tactic has affected around 300 brands, with over 4,000 phishing emails detected in a single four-week period.

The initial wave of phishing attacks exploited Calendar invites, often connecting users to malicious Google Forms links. However, as cybersecurity tools started flagging these invites, attackers shifted strategies to utilize Google Drawings.

These malicious emails often carry links disguised as urgent actions, such as fake reCAPTCHA or support buttons.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Cybercriminal Motives and Techniques

The ultimate goal of these phishing campaigns is to deceive users into clicking malicious links or attachments, leading to the theft of sensitive personal or corporate data.

Once this information is compromised, it can be used for fraudulent activities, including credit card fraud, unauthorized transactions, and bypassing account security measures.

The attack is typically executed in stages. It starts with a phishing email containing a Calendar invite file (.ics) or a link to Google Drawings.

Users are encouraged to click on additional links, which redirect them to fraudulent websites masquerading as cryptocurrency mining platforms or bitcoin support pages.

These fake websites prompt users to complete authentication processes, provide personal details, or enter payment information, ultimately enabling financial scams.

Protecting Against the Threat

To counter these rising threats, both organizations and individuals must adopt robust cybersecurity measures. Below are practical recommendations for safeguarding against such phishing attacks:

For Organizations:

1. Advanced Email Security Solutions: Use tools like Harmony Email & Collaboration, which detect and prevent sophisticated phishing attempts. Features such as attachment scanning, URL reputation checks, and AI-driven anomaly detection can block malicious content.
2. Monitor Third-Party Google Apps: Employ cybersecurity tools to detect and flag suspicious activities in third-party apps connected to Google accounts.
3. Implement Multi-Factor Authentication (MFA): Enforce MFA for business accounts to add an additional layer of security. Complement this with behavior analytics tools to identify unusual login attempts or navigation to suspicious sites.

For Individuals:

1. Be Cautious with Event Invites: Scrutinize unexpected Calendar invites or those requesting unusual actions, such as completing CAPTCHAs.
2. Verify Links Before Clicking: Hover over links to preview their destination. Alternatively, type the URL directly into a browser to visit the website safely.
3. Enable Two-Factor Authentication (2FA): Activate 2FA for Google accounts and other sensitive platforms to prevent unauthorized access, even if credentials are compromised.
4. Utilize Google’s “Known Senders” Feature: Enable this option in Google Calendar to receive alerts when invitations are sent from unknown contacts or addresses with no prior interaction.

Google’s Response

Addressing the issue, Google strongly advises users to enable the “known senders” setting in Google Calendar. “This setting helps defend against phishing by notifying users when they receive invitations from someone unknown or not listed in their contacts,” Google stated.

As cybercriminals continue to refine their tactics, prioritizing email and collaboration security in 2025 will be crucial for organizations and individuals. Upgrading to advanced security solutions and remaining vigilant against phishing attempts can mitigate risks and protect valuable information.

For organizations seeking enhanced security, Google recommends exploring solutions like Harmony Email & Collaboration. For a demo and consultation on upgrading email security, visit their official site.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free