Phishing Alert: Cybercriminals Exploit Google Calendar Invites to Steal Credentials
Dark Reading
|
Contributed by: Drex DeFord
Summary
A recent phishing campaign has been uncovered by Check Point Software, utilizing Google Calendar invites to trick users into revealing their credentials. Attackers have altered email headers to make their phishing attempts appear as legitimate calendar notifications from trustworthy sources. Initially using malicious .ics files, they have since adapted their strategy to include links to Google Drawings and Forms, complicating detection efforts. With over 500 million Google Calendar users, this campaign poses significant risks for financial fraud. The emails often mimic familiar notifications and direct victims to deceptive pages masquerading as cryptocurrency-related sites.
