An ongoing phishing rip-off is abusing Google Calendar invitations and Google Drawings pages to steal credentials whereas bypassing spam filters.
In response to Verify Level, which has been monitoring the phishing assault, the risk actors have focused 300 manufacturers with over 4,000 emails despatched in 4 weeks.
Verify Level instructed BleepingComputer that the assaults focused a broad vary of corporations, together with academic establishments, healthcare companies, constructing corporations, and banks.
The assault begins with the risk actors utilizing Google Calendar to ship assembly invitations that look fairly innocuous, particularly in case you acknowledge a few of the different visitors.
Embedded in these invitations, as proven under, is a hyperlink that results in Google Types or Google Drawings that immediate the person to click on one other hyperlink, sometimes disguised as a reCaptcha or help button.
Supply: Verify Level
E mail Researchers at Verify Level instructed BleepingComputer that by using the Google Calendar companies to provoke the phishing invitations, they bypass spam filters as they’re coming from a professional Google service.
“The attackers utilized Google Calendar companies, making the headers seem utterly professional and indistinguishable from invites despatched by any typical Google Calendar person,” Verify Level instructed BleepingComputer.
The researchers shared a picture of the e-mail headers, displaying they handed DKIM, SPF, and DMARC e mail safety checks, permitting the phishing invite to land within the targets’ inboxes.
Supply: Verify Level
To double the variety of phishing emails despatched to the goal, the risk actors may also cancel the Google Calendar occasion and embrace a message that might be despatched to attendees.
This message may also embrace a hyperlink, corresponding to a Google Drawings hyperlink, to additional drive targets to phishing pages.
Supply: Verify Level
Google Calendar phishing will not be new, with Google beforehand rolling out protections permitting customers to dam all these invitations extra simply.
Nevertheless, if a Google Workspace administrator doesn’t allow these protections, you’ll proceed to have invitations mechanically added to your calendars.
Verify Level recommends that customers be cautious of all assembly invitations acquired, and in the event that they immediate you to click on on a hyperlink, ignore them until you belief or verify the sender.
