An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.
According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over 4,000 emails sent in 4 weeks.
Check Point told BleepingComputer that the attacks targeted a broad range of companies, including educational institutions, healthcare services, building companies, and banks.
The attack begins with the threat actors using Google Calendar to send meeting invites that look fairly innocuous, especially if you recognize some of the other guests.
Embedded in these invites, as shown below, is a link that leads to Google Forms or Google Drawings that prompt the user to click on another link, typically disguised as a reCaptcha or support button.
Researchers at Check Point told BleepingComputer that by using the Google Calendar services to initiate the phishing invites, the attackers bypass spam filters because the messages come from a legitimate Google service.
“The attackers utilized Google Calendar services, making the headers appear completely legitimate and indistinguishable from invitations sent by any typical Google Calendar user,” Check Point told BleepingComputer.
The researchers shared an image of the email headers, showing they passed DKIM, SPF, and DMARC email security checks, allowing the phishing invite to land in the targets' inboxes.
To double the number of phishing emails sent to the target, the threat actors can also cancel the Google Calendar event and include a message that will be sent to attendees.
This message can also include a link, such as a Google Drawings link, to further drive targets to phishing pages.
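Because these messages pass DKIM, SPF, and DMARC, triage has to look at the calendar payload rather than the headers. The following is an added example, not code from Check Point or BleepingComputer: it inspects the `text/calendar` part of a message and flags invites or cancellations from an external organizer that link to Google Forms or Google Drawings. The URL prefixes, the `corp.example` trusted domain, and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: URL prefixes used by Google Forms and Google Drawings links.
LURE_URL = re.compile(
    r"https://(?:docs\.google\.com/(?:forms|drawings)/|forms\.gle/)[^\s\\]+")
TRUSTED_DOMAINS = {"corp.example"}  # hypothetical: the defender's own domains

def unfold(ics):
    """Undo RFC 5545 line folding (line break followed by a space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", ics)

def triage_invite(raw_email):
    """Flag text/calendar parts whose organizer is external and whose body
    links to Google Forms/Drawings. METHOD tells invites from cancellations."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/calendar":
            continue
        ics = unfold(part.get_payload(decode=True).decode("utf-8", "replace"))
        method = re.search(r"^METHOD:(\w+)", ics, re.M)
        organizer = re.search(r"^ORGANIZER.*?:mailto:(\S+)", ics, re.M | re.I)
        domain = organizer.group(1).rsplit("@", 1)[-1].lower() if organizer else ""
        links = LURE_URL.findall(ics)
        if links and domain not in TRUSTED_DOMAINS:
            findings.append({"method": method.group(1) if method else "UNKNOWN",
                             "organizer_domain": domain, "links": links})
    return findings

def sample_email(method, organizer, description):
    """Constructed sample message carrying a single text/calendar part."""
    ics = ("BEGIN:VCALENDAR\r\nMETHOD:%s\r\nBEGIN:VEVENT\r\n"
           "ORGANIZER;CN=Sender:mailto:%s\r\nDESCRIPTION:%s\r\n"
           "END:VEVENT\r\nEND:VCALENDAR\r\n" % (method, organizer, description))
    return ("From: invites@calendar.example\r\nSubject: Invitation\r\n"
            "Content-Type: text/calendar; method=%s; charset=utf-8\r\n\r\n%s"
            % (method, ics))

if __name__ == "__main__":
    # Constructed inputs: a folded Drawings link in an invite, a Forms link in a cancellation.
    invite = sample_email("REQUEST", "sender@outside.example",
                          "Verify: https://docs.google.com/draw\r\n ings/d/CONSTRUCTED/preview")
    cancel = sample_email("CANCEL", "sender@outside.example",
                          "Event moved, see https://forms.gle/CONSTRUCTED")
    for raw in (invite, cancel):
        print(triage_invite(raw))
```

Unfolding before matching matters because a long link in an invite description can be split across folded lines, which would otherwise hide it from the URL pattern.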
Google Calendar phishing is not new, with Google previously rolling out protections allowing users to block these types of invites more easily.
However, if a Google Workspace administrator does not enable these protections, you will continue to have invites automatically added to your calendars.
Check Point recommends that users be wary of all meeting invites received, and if they prompt you to click on a link, ignore them unless you trust or confirm the sender.