Hackers Exploit Google Calendar And Gmail In Phishing Attacks - 1

Photo by appshunter.io on Unsplash

Hackers Exploit Google Calendar And Gmail In Phishing Attacks

  • Written by Andrea Miliani Former Tech News Expert

A new report shared by Check Point researchers revealed that malicious actors have been exploiting Google tools like Google Calendar and Google Drawings to send phishing emails.

In a Rush? Here are the Quick Facts!

  • Check Point shared a study revealing a recent trend where cybercriminals exploit Google Calendar for phishing
  • Malicious actors send imitations of Google Calendar invitations to Gmail users and redirect them to malicious links to steal their data
  • The data gathered in the study shows that more than 300 businesses have been attacked and over 4,000 phishing emails have been sent in the past four weeks

The document states that cybercriminals have been altering the traditional email structure sent by Google Calendar to make it look authentic by changing the “sender” header.

According to the data gathered by the cybersecurity company, over 300 businesses have been impacted by this phishing method and over 4,000 emails with malicious content have been spotted in the past four weeks.

Even if the number isn’t large in proportion, considering that over 500 million people use Google Calendar—according to data from Calendly—, the researchers consider it an important trend.

Hackers’ goal is to make victims click on malicious links and steal personal or corporate information. In these attacks, criminals try to get sensitive data by redirecting to a Google Form or Google Drawings and then to the malicious link.

“Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details,” wrote the researchers, explaining how the hackers got the information for financial scams.

Multiple techniques are used, but the trend suggests a strong familiarity with Google Calendar’s formats. “Some of the emails do really look like calendar notifications, while others use a custom format,” explained Check Point.

The experts recommend organizations and users rely on advanced email security solutions, monitor third-party apps with access to Google accounts, and use Multi-Factor Authentication (MFA,), especially in business platforms.

“We recommend users enable the ‘known senders’ setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past,” said Google when reached out by Check Point.

Cybercriminals Use Fake Brand Deals To Target Popular YouTube Channels - 2

Image by DC Studio, from Freepik

Cybercriminals Use Fake Brand Deals To Target Popular YouTube Channels

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A new report highlights how cybercriminals are increasingly targeting YouTube creators with fake brand collaboration offers to spread malware.

In a Rush? Here are the Quick Facts!

  • Phishing emails impersonate trusted brands, offering partnership deals with malicious attachments.
  • Malware is delivered via password-protected files hosted on platforms like OneDrive.
  • Once opened, malware steals credentials, financial data, and enables remote system access.

These attacks aim to steal sensitive information, including login credentials and financial data, while also allowing remote access to the victim’s system, as detailed in the report by CloudSEK .

The phishing campaigns are highly sophisticated. Attackers impersonate well-known brands, sending professional-looking emails that offer enticing partnership deals.

The emails include fake contracts or promotional documents disguised as password-protected files hosted on trusted platforms like OneDrive or Google Drive. This method helps the malware bypass security filters and antivirus software.

Once a creator downloads and extracts these files, the malware is silently installed. It can then steal browser data, passwords, and even clipboard content (used for copy-pasting). In some cases, the malware allows attackers to remotely control the victim’s device.

The initial stage of the attack often begins with cybercriminals using automated tools to collect email addresses from YouTube channels.

These tools allow attackers to send bulk phishing emails that look convincing, complete with official brand logos and well-written text. Victims, especially content creators and marketers looking for collaborations, are lured into believing the offer is legitimate.

Security researchers note that the malware files are often delivered in layers. For example, a compressed folder may contain another password-protected archive, hiding the malicious script. Once executed, the malware connects to servers controlled by the attackers, where stolen data is sent.

This campaign highlights the growing sophistication of cyber threats targeting social media influencers and creators. YouTube content creators are particularly vulnerable because of their reliance on brand deals as part of their revenue streams.

Experts recommend creators remain cautious and verify all collaboration requests. Simple steps include checking the sender’s email address, avoiding suspicious links, and scanning attachments before downloading.

Adopting robust cybersecurity practices, such as enabling two-factor authentication and using updated antivirus software, can also help prevent such attacks.