Ad
A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts.
Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google’s platforms to steal sensitive information.
This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Google Calendar invitation (Kurt “CyberGuy” Knutsson)
How the scam works
Hackers leverage the trust in Google’s services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Безопасность experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
“We recommend users enable the ‘Only If The Sender Is Known’ setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past.”
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS
Google’s ‘Known Senders’ setting: A shield against calendar phishing
Google has introduced the “known senders” feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here’s how to enable it:
- Open Google Calendar and click the gear icon to access Settings
- Under General, select Event Settings
- In Add invitations to my calendar, choose Only if the sender is known
This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
Google’s “Known Senders” setting (Kurt “CyberGuy” Knutsson)
HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE
Additional security measures
To further protect yourself from phishing scams, follow these steps.
Scrutinize unexpected invites carefully: Examine the sender’s details, including their name, domain and email address, for any inconsistencies or signs of spoofing.
Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.
Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.
Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.
HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING
Kurt’s key takeaways
As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the “known senders” setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.
@ProStartup.it
What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox новости & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
Ad
SomaDerm, SomaDerm CBD, SomaDerm AWE (by New U Life).