{"id":138747,"date":"2024-12-19T10:49:55","date_gmt":"2024-12-19T03:49:55","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=138747"},"modified":"2024-12-19T10:49:55","modified_gmt":"2024-12-19T03:49:55","slug":"ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=138747","title":{"rendered":"Ongoing phishing attack abuses Google Calendar to bypass spam filters"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" alt=\"Google with a red flare\" height=\"900\" src=\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2023\/12\/29\/google-flare.jpg\" width=\"1600\"\/><\/p>\n<p>An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.<\/p>\n<p>According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over\u00a04,000 emails sent in four weeks.<\/p>\n<p>Check Point told BleepingComputer that the attacks targeted a broad range of companies, including\u00a0educational institutions, healthcare services, building companies, and banks.<\/p>\n<p>The attack starts with the threat actors using Google Calendar to send meeting invites that look pretty innocuous, especially if you recognize some of the other guests.<\/p>\n<p>Embedded in these invites, as shown below, is a link that leads to Google Forms or Google Drawings that prompt the user to click another link, typically disguised as a reCaptcha or support button.<\/p>\n<div style=\"text-align:center\">\n<figure class=\"image\" style=\"display:inline-block\"><img loading=\"lazy\" decoding=\"async\" alt=\"Example Google Calender invite phishing email\" height=\"600\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/security\/phishing\/g\/google-calendar-drawings\/google-calendar-email.jpg\" width=\"1105\"\/><figcaption><strong>Example Google Calender invite phishing email<\/strong><br \/><em>Source: Check Point<\/em><\/figcaption><\/figure>\n<\/div>\n<p>Email Researchers at Check Point told BleepingComputer that by utilizing the Google Calendar services to initiate the phishing invites, they bypass spam filters as they are coming from a legitimate Google service.<\/p>\n<p>&#8220;The attackers utilized Google Calendar services, making the headers appear completely legitimate and indistinguishable from invitations sent by any typical Google Calendar user,&#8221; Check Point told BleepingComputer.<\/p>\n<p>The researchers shared an image of the email headers, showing they passed DKIM, SPF, and DMARC email security checks, allowing the phishing invite to land in the targets&#8217; inboxes.<\/p>\n<div style=\"text-align:center\">\n<figure class=\"image\" style=\"display:inline-block\"><img loading=\"lazy\" decoding=\"async\" alt=\"Mail headers sent in Google Calendar spam\" height=\"142\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/security\/phishing\/g\/google-calendar-drawings\/mail-headers-strk.jpg\" width=\"1565\"\/><figcaption><strong>Mail headers sent in Google Calendar spam<\/strong><br \/><em>Source: Check Point<\/em><\/figcaption><\/figure>\n<\/div>\n<p>To double the number of phishing emails sent to the target, the threat actors can also cancel the Google Calendar event and include a message that will be sent to attendees.<\/p>\n<p>This message can also include a link, such as a Google Drawings link, to further drive targets to phishing pages.<\/p>\n<div style=\"text-align:center\">\n<figure class=\"image\" style=\"display:inline-block\"><img loading=\"lazy\" decoding=\"async\" alt=\"Using Google Drawings as part of Google Calendar phishing\" height=\"577\" width=\"1600\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/security\/phishing\/g\/google-calendar-drawings\/cancelation-message-with-a-link-to-Google-Drawings.jpg\" class=\"b-lazy\"\/><figcaption><strong>Using Google Drawings as part of Google Calendar phishing<\/strong><br \/><em>Source: Check Point<\/em><\/figcaption><\/figure>\n<\/div>\n<p>Google Calendar phishing is not new, with Google previously <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-calendar-provides-new-way-to-block-invitation-phishing\/\" target=\"_blank\" rel=\"nofollow noopener\">rolling out protections<\/a> allowing users to block these types of invites more easily.<\/p>\n<p>However, if a Google Workspace administrator does not enable these protections, you will continue to have invites automatically added to your calendars.<\/p>\n<p>Check Point recommends that users be wary of all meeting invites received, and if they prompt you to click on a link, ignore them unless you trust or confirm the sender.<\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. According to Check Point, which has been monitoring the phishing &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=138747\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-138747","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/138747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=138747"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/138747\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=138747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=138747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=138747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}