The cybersecurity firm Check Point Software reports that cybercriminals are now exploiting Google Calendar in a new phishing campaign. More than 500 million users worldwide are at risk of being deceived into losing money, having their information stolen, and suffering other harmful consequences.
Manipulation of Google Calendar and phishing tactics
Given Google Calendar’s widespread daily use for organizing schedules, it is unsurprising that cybercriminals have targeted this tool. By manipulating headings and sender details, attackers make emails appear to have been sent via Google Calendar on behalf of a legitimate contact. So far, roughly 300 brands have been affected by this campaign, and security researchers observed about 2,300 such messages over a two-week period.
The malicious emails include a link or a calendar file (.ics) that directs recipients to Google Forms or Google Drawings. Users are then prompted to click another link, often disguised as a CAPTCHA or support button. After clicking, victims are redirected to a landing page designed to mine cryptocurrency or to a fraudulent Bitcoin support page. Once on those pages, they are asked to complete a fake authentication process, provide personal information, and ultimately enter payment details.
How to protect yourself from phishing
“To avoid these kinds of phishing attacks, organizations should deploy advanced email security solutions,” says Fredrik Sandström, security expert at Check Point Software. Such solutions can detect phishing attempts even when trusted platforms like Google Calendar have been manipulated, by scanning attachments, URLs and other indicators. Behavior-analysis tools can spot unusual login attempts or suspicious activity and alert users to potential phishing attempts.
Google Calendar: Security tips — Guidance from Google on improving Calendar security and enabling settings that help protect users from phishing.
Google’s Phishing Protection — An overview of Google’s features designed to protect users from phishing across Gmail and other Google services.
Check Point Software has contacted Google for comment. Google responded: “We recommend users enable the ‘Known senders’ setting in Google Calendar. This setting helps defend against this type of phishing by warning users when they receive an invitation from someone who is not in their contact list and/or someone they have not previously interacted with from that email address.”
Practical steps users and organizations can take include: enabling calendar sender filtering, applying robust email filtering and URL scanning, educating staff and users to verify unexpected calendar invites, avoiding clicking on links or attachments from unfamiliar senders, and using multi-factor authentication to limit the impact if credentials are exposed. Regularly reviewing calendar sharing settings and removing unused third-party integrations can also reduce exposure.
As attackers increasingly exploit trusted collaboration tools, maintaining layered defenses, proactive monitoring and user awareness are essential to reduce the risk of falling victim to calendar-based phishing and related scams.