Google Calendar invitation Phishing Threats

Google Calendar Invitation Phishing Threats

Google Workspace calendar phishing involves attackers sending fake calendar invitations with malicious links to trick users into revealing personal information. To stay safe, do not click anything in the invitation and report it as spam before deleting it. You can also prevent future invites by changing your Google Calendar settings to automatically add invitations to your calendar only if the sender is known or when you respond to them. 

Immediate actions to take:

• Do not interact: Do not click links, call phone numbers, or respond to the event (Accept, Decline, or Maybe). Declining confirms your email is active and can lead to more spam.
• Report as spam: Open the event, click "More" (three dots), and select "Report as spam". This helps Google improve its spam filters.
• Delete the event: After reporting, delete the event from your calendar. 

Preventative measures:

• Change your settings: Go to Calendar Settings (gear icon) > Event Settings.
• Adjust "Add invitations to my calendar": Change the dropdown menu from "From everyone" to "Only if the sender is known" or "When I respond to the invitation in email".
• Be cautious: Even with stricter settings, always be wary of unfamiliar or suspicious invitations. 

Why this is a threat:

• Bypass spam filters: Attackers send invites that may bypass email spam filters, but the event can still appear directly on your calendar.
• Use calendar integration: This method takes advantage of the Google Calendar's functionality to get events onto your calendar, even if the email is filtered out.
• Exploit user behavior: Scammers rely on users clicking on the event to investigate, which leads them to fake login pages or other malicious content.