Cybercriminals are exploiting Google Calendar's popularity in a phishing scheme, impersonating legitimate invites to steal personal and financial information.
Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers. The criminals modify sender email headers so the messages appear to be legitimate Google Calendar invites sent from someone the victim knows. It's a good lure, from the fraudsters' perspective, because more than 500 million people use Google Calendar .
The phishing emails usually include a .ics calendar file with a link to Google Forms or Google Drawings. Once the recipient clicks on the link, they are prompted to click on another one, which Check Point notes is typically disguised as a reCAPTCHA or support button. Spoiler alert: it's fake. Once the victim clicks the malicious link, they land on what looks like a cryptocurrency mining or Bitcoin support page.in a blog about the phishing campaign.'Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details.' Check Point reached out to Google about the phishing emails, and here's what the tech giant suggested: We recommend users enable the 'known senders' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past. The security shop offers its own advice to protect against becoming a victim of this and other phishing campaigns, including taking extra precautions upon receiving event invites with'unexpected' or'unusual steps' and requests – such as completing a CAPTCHA puzzle.Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Also,'think before you click.' Hover over links and then type the URL into Google rather than just clicking on i
PHISHING GOOGLE CALENDAR CYBERCRIME SECURITY DATA BREACH
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
'Best advent calendar I have ever purchased’ – The Nivea advent calendar is 50% offBlack Friday deals are already here. This is the perfect opportunity to treat yourself to the Nivea advent calendar!
Read more »
'Best advent calendar for readers' - Disney advent calendar hits saleWave goodbye to traditional advent calendars and get yourself or a loved one this book collection that's perfect for avid readers of any age - plus, it's on sale
Read more »
'I saved £500 on top beauty products thanks to the Glossybox advent calendar'Netmums' Lifestyle Editor is a beauty calendar convert after testing out the Glossybox 2024 advent calendar
Read more »
Google warns millions over ‘random emoji’ clue that you’re about to suffer costly phishing scam...Google explains passkeys as it makes passwords ‘obsolete’
Read more »
The only thing worse than being fired is scammers fooling you into thinking you're firedScumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal
Read more »
Russian spies may have moved in next door to target your networkPlus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more
Read more »