He Phishing o Identity supplantation is one of the best known cybercrime forms and used by scammers. You just have to take a look at your folder of spam To see the amount of phishing attempts that accumulate under the name of popular products and applications, but not always those who use are the most obvious. A tool that enters this category, but to which we are not accustomed to seeing as a resource in cybers, is the Google calendar. Present on all phones Android standard and accessible from any device for anyone with a Google account, This app is being used as a means for phishing scamsaccording to a recent investigation by the cybersecurity company Check Point.
Google Calendar is as practical as popular and ubiquitous, so It is not surprising that it is an objective of cybercriminals. Check Point researchers have detected their fraudulent use, together with that of other Google applications, such as Forms and Drawingsa suite tool Google Docs To draw.
Thus they use cybers Google Calendar
This scam originates from the Reception of an email with a notification of Google Calendar. These emails have a genuine appearance, since Cybercounts modify the ‘sender’ headingscausing the emails to have been sent through Google Calendar on behalf of a known and legitimate person. Check Point has identified that this campaign has affected some 300 brandswith 4,000 emails fraudulent detected in a period of 4 weeks.
Initially, these fraudulent emails from Google Calendar included links that led to Google forms. However, after verifying that some security products could detect these malicious invitations, cybercriminals They also decided to use Google Drawings. The objective of this campaign is Cheat users to click Malicious Links or Attachments, thus allowing the theft of corporate or personal information.
Once the user falls into the trap and facilitates sensitive data, these They are used in financial scams, in which criminals can make fraud with credit cards, unauthorized transactions or other illicit activities. In addition, stolen information can be used to Evade security measures in other accounts.
Fraudulent emails contain A link or a calendar file (.ics) that links forms or Google Drawings. Subsequently, the user is asked to Click another link, which is usually disguised as a false recaptcha or support button. In the examples provided by Check Point, the user is aimed at a page that resembles being a cryptocurrency mining platform or a Bitcoin support page, although other cases may occur.
These pages are designed to perpetrate financial scams; Once on the page, the user is requested to complete a false authentication process, enter personal information and, finally, provide payment data. It is from that moment when the victim loses control of his bank information, which can be used by scammers for criminal purposes.
How to avoid phishing on Google Calendar
To avoid falling into these scams, Check Point recommends To organizations Use advanced email safety solutions, monitor the use of third -party Google applications and implement robust authentication mechanisms.
To individuals They are advised to remain alert to invitations to false events, examine the incoming content and manually write the URL instead of clicking on the link offered, as well as activating the authentication of two factors.