Cybercriminals are now modifying the "sender" headers of Google Calendar invites to lure you into clicking malicious links, according to a study from Check Point.
Typically, when you receive a Google Calendar invite in your inbox, you'll see the sender's name and the email subject containing event details. If you open the email, you'll find more details and a link to the event. According to Check Point, malicious actors are now posing as legitimate contacts just by modifying the sender's name. At first glance, this isn't easy to spot since the emails appear to be coming directly from Google Calendar.
Once a user takes the bait, opens the email, and clicks on a dubious link, they are redirected to a fake reCAPTCHA or support button. They are then asked to complete a fake authentication process and provide personal and payment details on what looks like a Bitcoin support page. The sensitive information is then used to carry out unauthorized transactions and, more importantly, to bypass login on other accounts.
Given the awareness around cybersecurity, one might think most people wouldn't fall for these tricks. However, according to Check Point, which has observed over 4,000 of these phishing emails, around 300 brands have already been affected by this campaign in just over four weeks.
They recommend enabling the known senders setting in Google Calendar so that you receive an alert every time an unknown sender shares an invite. To do that, head over to Google Calendar, click Settings (gear icon at the top), pick Event Settings, click on the drop-down menu next to "Add invitations to my calendar," and set it to "Only if the sender is known."
Other precautionary measures include carefully examining the email content. Do not engage if the email contains incomplete or suspicious information. If you find a link, don't click on it or copy it. Search the web for mentions of the URL; scammers often hide malicious links behind harmless-looking anchor text. Finally, it is recommended that multi-factor authentication be enabled on all kinds of online accounts and that activities on third-party Google apps be constantly monitored.