Press Release

Check Point Research Uncovers Cyber Criminals Exploiting Google Calendar to Bypass Email Security

Google Calendar, widely used for organizing schedules and managing time, has become a target for cybercriminals. With over 500 million users across 41 languages (source: Calendly.com), its popularity has inadvertently attracted malicious actors.

Check Point researchers recently identified a phishing campaign exploiting Google Calendar and Google Drawings. Cybercriminals manipulate “sender” headers to make emails appear legitimate, originating from Google Calendar on behalf of known individuals. This campaign has already impacted 300 brands, with 2,300 phishing emails observed over just two weeks.

Threat Overview:
Initially, attackers used Google Calendar invites linking to Google Forms. However, as security products began flagging these, they shifted tactics to leverage Google Drawings. These phishing attempts lure victims into revealing sensitive data, which is then misused for financial scams, unauthorized transactions, and bypassing security on other accounts.

Execution Techniques:
Phishing emails often include a calendar file (.ics) or links to fake support pages. Users are tricked into completing authentication steps, entering personal information, and providing payment details on fraudulent landing pages.

Recommendations to Block Attacks:
For organizations:

  • Use advanced email security solutions like Harmony Email & Collaboration for URL reputation checks, attachment scanning, and AI anomaly detection.
  • Monitor third-party Google Apps usage and implement Multi-Factor Authentication (MFA).

For individuals:

  • Be cautious of unexpected invites and hover over links before clicking.
  • Enable two-factor authentication (2FA) on all accounts.

Google advises users to activate the “known senders” setting in Google Calendar, alerting them to invitations from unfamiliar contacts.

Enhance Your Email Security:
2025 is the year to fortify email defenses. Get a Harmony Email & Collaboration demo to protect your organization from sophisticated phishing threats.