A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites, and mimicking Google’s platforms to steal sensitive information. This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves over 500 million users globally in 41 different languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating over 300 reputable brands.
How the scam works
Hackers leverage the trust in Google’s services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud, and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:
We recommend users enable the ‘Only If The Sender Is Known’ setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past.”
ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS
Google’s ‘Known Senders’ setting: A shield against calendar phishing
Google has introduced the ‘known senders’ feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here’s how to enable it:
- Open Google Calendar and click the gear icon to access Settings.
- Under ‘General’, select ‘Event Settings’.
- In ‘Add invitations to my calendar’, choose ‘Only if the sender is known’.
This ensures that only events from contacts, your organization, or previous interactions are automatically added to your calendar.
HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE
Additional security measures
To further protect yourself from phishing scams:
Scrutinize unexpected invites carefully: Examine the sender’s details, including their name, domain, and email address, for any inconsistencies or signs of spoofing.
Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.
Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.
Keep your security settings up-to-date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.
HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING
Kurt’s key takeaways
As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the ‘known senders’ setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.