Google Calendar Phishing/Social Engineering Threat Warning

Forbes Warns: New Security Warning Issued For Google’s 1.5 Billion Gmail And Calendar Users

Google’s ICS file is now being used as a clever social engineering tool to bypass Google’s own spam filters and allow attackers to launch social engineering and phishing attacks. KnowBe4’s Javvad Malik is quoted in the article.

“Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks,” says Javvad Malik, security awareness advocate at KnowBe4. Malik told me that in order to gain access to a building, for example, you could put in a calendar invite for an interview or similar face to face appointment such as building maintenance which, he warns “could allow physical access to secure areas.”

Kaspersky research notes that “attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a “non-traditional attack vector,” the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.”
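
A defender-side check for the pattern the Kaspersky quote describes (links placed in an invite's topic and location fields), added here as an example and not part of the original post or the article. The sample invite, its addresses and domains, and the `known_senders` allow-list are constructed assumptions; the parser is simplified and does not handle quoted parameter values that contain a colon.

```python
import re

# Constructed sample invite for this example; not taken from the article.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "METHOD:REQUEST",
    "BEGIN:VEVENT",
    "UID:constructed-0001@example.invalid",
    "ORGANIZER;CN=Rewards Team:mailto:unknown-sender@example.invalid",
    "SUMMARY:You have received a reward - complete the survey at http://surv",
    " ey.example.invalid/claim",  # folded continuation line (RFC 5545)
    "LOCATION:https://survey.example.invalid/claim",
    "END:VEVENT",
    "END:VCALENDAR",
])

URL_RE = re.compile(r"https?://[^\s\\,;]+", re.IGNORECASE)
LINK_FIELDS = {"SUMMARY", "LOCATION"}  # the "topic" and location fields


def unfold(ics_text):
    """RFC 5545: a line starting with a space or tab continues the previous one."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()


def review_invite(ics_text, known_senders=frozenset()):
    """Return one finding per VEVENT that carries a link in SUMMARY or LOCATION."""
    findings, event = [], None
    for line in unfold(ics_text):
        head, sep, value = line.partition(":")
        name = head.split(";", 1)[0].upper()  # drop parameters such as ;CN=...
        if name == "BEGIN" and value.upper() == "VEVENT":
            event = {"organizer": None, "links": []}
        elif event is None or not sep:
            continue
        elif name == "ORGANIZER":
            event["organizer"] = value.lower().split("mailto:", 1)[-1]
        elif name in LINK_FIELDS:
            event["links"] += [(name, url) for url in URL_RE.findall(value)]
        elif name == "END" and value.upper() == "VEVENT":
            if event["links"]:
                event["organizer_known"] = event["organizer"] in known_senders
                findings.append(event)
            event = None
    return findings


if __name__ == "__main__":
    for finding in review_invite(SAMPLE_ICS):
        print(finding)
```

Invites flagged with `organizer_known` set to false are the ones worth holding for review before they appear on a user's calendar.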

I was wondering when this was going to make its way around.
Black Hills InfoSec spoke on this two years ago and Google identified it as a “feature”.
Now Kaspersky got most of the credit (though they did update the article after posting).
Pretty sure this method is also one that Mitnick uses in his demos 🙂


You're right. This is not a new discovery. What caught my eye was the tone of the article which relied on Kaspersky information which I interpreted to mean the threat level has increased. If that is true, then users should be made more aware of it. But in general, it's good to be aware that many of Google's tools have been adopted by scammers to create scenarios for social engineering, Office 365/SharePoint included.