Attackers are sending meeting invitations that bypass email filters.
An ongoing phishing scam exploits Google Calendar to compromise credentials.
According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over 4,000 emails sent in four weeks.
Researchers from Check Point told BleepingComputer that the attacks start with the threat actors using Google Calendar to send meeting invites that look innocuous, especially if you recognise some of the other guests.
The invites contain links redirecting to a Google Forms or Google Drawings page with a reCaptcha or support button that redirects to phishing pages.
Because the invites are sent through Google Calendar, they come from a legitimate Google service and bypass spam filters.
So far educational institutions, healthcare services, building companies, and banks have been targeted.
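The invite pattern described above, a calendar invitation whose link leads to a Google Forms or Google Drawings page, can be checked on the receiving side. The Python below is an added example, not code from Check Point or the original article: it parses an iCalendar invite and holds it for review when the organizer is outside a trusted-domain list and the body links to Forms or Drawings. The URL shapes, the trusted-domain list and the sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed URL shapes for Google Forms and Google Drawings links (host, path prefix).
WATCHED = (("docs.google.com", "/forms/"), ("docs.google.com", "/drawings/"),
           ("forms.gle", "/"))
URL_RE = re.compile(r'https?://[^\s<>"\\]+')

def unfold(ics_text):
    """RFC 5545: a line starting with a space or tab continues the previous line."""
    lines = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def split_property(line):
    """Return (NAME, value), splitting at the first colon outside a quoted parameter."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";")[0].upper(), line[i + 1:]
    return line.upper(), ""

def review_invite(ics_text, trusted_domains):
    """Hold an invite when an outside organizer links to a watched Google page."""
    organizer, flagged = "", []
    for name, value in map(split_property, unfold(ics_text)):
        if name == "ORGANIZER":
            organizer = value.lower().removeprefix("mailto:")
        elif name in ("DESCRIPTION", "LOCATION", "URL"):
            text = re.sub(r"\\[nN]", " ", value)        # escaped newline in TEXT values
            text = re.sub(r"\\([,;\\])", r"\1", text)   # escaped comma, semicolon, backslash
            for url in URL_RE.findall(text):
                parts = urlparse(url)
                if any(parts.hostname == h and parts.path.startswith(p) for h, p in WATCHED):
                    flagged.append(url)
    # A missing organizer is treated as external.
    external = organizer.rsplit("@", 1)[-1] not in trusted_domains
    return {"organizer": organizer, "flagged_links": flagged,
            "hold": external and bool(flagged)}

# Constructed sample invite (not a captured message); note the folded DESCRIPTION line.
SAMPLE_INVITE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\nSUMMARY:Quarterly review\r\n"
    'ORGANIZER;CN="Review: Team":mailto:Planner@example.net\r\n'
    "DESCRIPTION:Agenda at https://docs.google.com/drawings/d/CONSTRUCTED/pre\r\n"
    " view\\nNotes: https://example.com/wiki\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n")
```

Holding rather than deleting keeps legitimate invites from partners recoverable, since Forms and Drawings links are also used for ordinary business.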
Written by Dan Raywood, Senior Editor, SC Media UK