Google’s widely used applications, particularly Gmail and Google Calendar, have long been attractive targets for cybercriminals. Recently, a significant uptick in phishing and other malicious attacks has put millions of users at risk, necessitating urgent awareness and protective measures. The ongoing cybersecurity threats exploiting these platforms have been highlighted by Check Point researchers, revealing a disturbing trend in cyber tactics.
New Phishing Techniques Target Google Calendar and Gmail Users
Check Point has uncovered a worrying new trend in cyber attacks, specifically targeting Google Calendar. By manipulating sender headers, cybercriminals make their phishing emails appear as if they are coming from legitimate contacts via Google Calendar. This method has successfully bypassed traditional email security measures, impacting an alarming number of users with over 2,300 attacks detected in just two weeks.
This new form of attack not only exploits Google Calendar’s functionalities but also extends to Google Forms and Google Drawings. Initially, attackers used Google Calendar’s user-friendly features to send malicious links through calendar invites. However, as security software began to flag these attempts, the attackers adapted. They shifted their approach to Google Drawings, embedding malicious links within seemingly benign documents and images, often masked as fake reCAPTCHA or support buttons.
Mitigating the Risks: Steps to Protect Your Google Account
To combat these sophisticated attacks, simple yet effective measures can be implemented by users to enhance their security. Stu Sjouwerman, CEO of KnowBe4, suggests adjusting Google Calendar settings to prevent the automatic addition of invitations. Users should set their calendars to only show invitations they have actively responded to and disable the option to automatically add events from Gmail. While this may decrease some functionality, the trade-off for increased security is often worth it.
Google also recommends enabling the “known senders” setting in Google Calendar. This feature alerts users when they receive an invitation from an unrecognized email address, helping to safeguard against phishing attempts.
Broader Implications and Preventative Strategies
The recent wave of attacks does not only concern Google Calendar and Gmail; it extends to other Google services and even impacts users of Google Workspace. For those with Google Workspace subscriptions, enabling email verification for appointment schedules can provide an additional layer of security, preventing unauthorized appointments.
Furthermore, Google’s response to these threats extends to advising users on maintaining privacy and security across all its platforms, including Android and Chrome. This holistic approach to cybersecurity is crucial as the methods employed by attackers become increasingly sophisticated and widespread.
As cyber threats evolve, so must the strategies to combat them. For millions of Google users worldwide, staying informed about the latest attack methodologies and implementing recommended security settings are key steps towards safeguarding their digital lives. Cybersecurity is a constantly changing landscape, and users must remain vigilant to protect themselves against these ever-emerging threats.
