Cybercriminals change the “sender” header to make emails appear to be sent via Google Calendar on behalf of a known and trusted individual. Attacks have become more common in the past few weeks, according to researchers. Nearly 4,000 emails of this nature were reportedly sent over a four-week period, impersonating more than 300 brands.
The emails contain a calendar link or file (.ics) with a link to Google Forms or Google Drawings to bypass the email scanning tools of Gmail, Microsoft Outlook and other mail services. Once the user takes the bait, they are prompted to click on another link, “usually disguised as a fake reCAPTCHA or support button,” according to the post. This link directs the user to a page designed for financial fraud.
Google recommends users use Gmail’s built-in filtering rules and known senders setting to avoid these types of phishing attacks.
This news our mobile application Download using
You can read it whenever you want (even offline):