blog.checkpoint.com
Open in
urlscan Pro
18.173.205.29
Public Scan
URL:
https://blog.checkpoint.com/securing-user-and-access/google-calendar-notifications-bypassing-email-security-policies/
Submission: On December 18 via api from TR — Scanned from PT
Submission: On December 18 via api from TR — Scanned from PT
Form analysis 3 forms found in the DOM
<form id="search-form">
<input type="image" src="https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search-btn.png" value="Submit" alt="Search"><input type="text" id="stq" name="stq" class="st-search-input" placeholder="Enter your keywords..."
x-webkit-speech="" x-webkit-grammar="builtin:search" autocomplete="off" aria-label="Search Term">
</form><form id="search-form1">
<label style="display: none;">Search</label>
<input type="image" src="https://www.checkpoint.com/wp-content/themes/checkpoint-theme-v2/images/search-btn.png" value="Submit" alt="Search"><input type="text" id="stq1" name="stq1" class="st-search-input" placeholder="Enter your keywords..."
x-webkit-speech="" x-webkit-grammar="builtin:search" autocomplete="off" aria-label="Search Term">
</form>GET /
<form action="/" id="searchform" class="search-form" method="get">
<div class="form-group">
<input type="search" name="s" class="search-form__input" autocomplete="off" placeholder="Search ...">
<button type="submit" class="btn search-form__submit"><i class="atbs-atoms-icon-right-arrow"></i></button>
</div>
</form>Text Content
Get a Demo Contact Us Support Log In
* Search
*
* Geo Menu
* * Choose your language...
* English (English)
* Spanish (Español)
* French (Français)
* German (Deutsch)
* Italian (Italiano)
* Portuguese (Português)
* Japanese (日本語)
* Chinese (中文)
* Korean (한국어)
* Taiwan (繁體中文)
* Solutions
* * Use Cases
* Industry
* Organization Size
* Hybrid Cloud
* Hybrid Mesh Firewall
* Generative AI
* Zero Trust & Least Privilege
* Developer Security & Operations
* IoT Security Solutions
* Anti-Ransomware
* SD-WAN
* Threat Hunting
* Compliance
* Collaboration Security
* Email Security
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
* Retail
* Financial Services
* Federal Government
* State & Local Government
* Healthcare
* Telco Service Provider
* Education
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
* Enterprise
* Small & Medium Business
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
* Platform
* * Infinity Platform
* Secure the Network
* Secure the Cloud
* Secure the Workspace
* Security Operations
Explore Infinity
* Platform OverviewIndustry leading AI-Powered and Cloud-Delivered cyber
security platform
* Infinity ServicesPrevention-first security operation, AI Copilot,
ThreatCloud AI, and 24/7 managed security services, consulting, and
training
* Infinity PortalLearn about and sign into Check Point's unified security
management platform
* Infinity Platform AgreementPredictable cyber security environments
through a platform agreement
* See All Products >
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
Explore Quantum
* Next Generation Firewall (NGFW) Security GatewayIndustry leading
AI-powered security gateways for modern enterprises
* SD-WANSoftware-defined wide are network to converge security with
networking
* Security Policy and Threat ManagementManage firewall and security policy
on a unified platform for on-premise and cloud networks
* Internet of Things (IoT)Autonomous IoT threat prevention with zero trust
profiling, virtual patching, and segmentation
* Remote Access VPN Secure, seamless remote access to corporate networks
* Industrial Control System Security Gateways Protect ICS, Operational
Technology, and SCADA systems
* See All Products >
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
Explore CloudGuard
* Cloud Network SecurityIndustry leading threat prevention with
cloud-native firewalls
* Cloud Native Application Protection PlatformCloud-native prevention-first
security
* Code SecurityDeveloper-centric code security
* Web Application and API SecurityAutomated application and API security
* See All Products >
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
Explore Harmony
* Email and Collaboration SecurityEmail security that includes office and
collaboration applications
* Endpoint SecurityComprehensive endpoint protection to prevent attacks and
data compromise
* Mobile SecurityComplete protection for the workforce across all mobile
devices
* SASEUnified security with optimized internet and network connectivity
* SaaS SecurityThreat prevention management for SaaS
* See All Products >
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
Security Operations
* External Risk ManagementProtect against threats like credential theft,
fraud, and brand impersonation.
* Extended Prevention & ResponseAI-powered, cloud-delivered security
operations with Infinity XDR/XR
* Secure Automation and CollaborationAutomate response playbooks with
Infinity Playblocks
* Unified Security Events and Logs as a ServiceInfinity events cloud-based
analysis, monitoring, and reporting
* AI Powered TeammateAutomated Security Admin & Incident Response with AI
Copilot
* ThreatCloud AIThe brain behind Check Point’s premier threat prevention
* Managed Prevention & Response ServiceSOC operations-as-a-service with
Infinity MDR/MPR
*
* See All Products >
UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
* Support & Services
* * Strategy & Risk
* Professional Services
* Training Programs
* Incident Response
* Managed Security
* Support
Explore Strategy & Risk Services
* External Risk ManagementOutsource specialized cybersecurity functions to
Check Point security experts
* Cyber Risk AssessmentAssess your cyber risks and plan actionable strategy
* Attack Surface & Penetration TestingEvaluate security defenses against
potential cyber attacks and threats
* Security Controls Gap Analysis
(NIST, CIS)Analyze technology gaps and plan solutions for improved
security and ROI
* Threat Intelligence & Brand ReputationAnalyzed data on cyber threats,
aiding proactive security measures
* See All Strategy & Risk Services >
INFINITY GLOBAL SERVICES
FIND THE RIGHT END-TO-END CYBERSECURITY SERVICE SOLUTIONS TAILORED TO MEET
YOUR ORGANIZATION'S SPECIFIC NEEDS.
Explore All Services
Explore Professional Services
* Security Deployment & OptimizationStrategic deployment and refinement of
security for optimal protection
* Advanced Technical Account ManagementProactive service delivered by
highly skilled cyber security professionals
* Lifecycle Management ServicesEffectively maintain the lifecycle of
security products and services
* See All Professional Services >
INFINITY GLOBAL SERVICES
FIND THE RIGHT END-TO-END CYBERSECURITY SERVICE SOLUTIONS TAILORED TO MEET
YOUR ORGANIZATION'S SPECIFIC NEEDS.
Explore All Services
Explore Training Programs
* Training & CertificationsComprehensive cyber security training and
certification programs
* CISO TrainingGlobally recognized training for Chief Information Security
Officers
* Security AwarenessEmpower employees with cyber security skills for work
and home
* Cyber Park - Cyber RangeSimulated gamification environment for security
training
* Mind Training HubCheck Point cyber security and awareness programs
training hub
* See All Training Programs >
INFINITY GLOBAL SERVICES
FIND THE RIGHT END-TO-END CYBERSECURITY SERVICE SOLUTIONS TAILORED TO MEET
YOUR ORGANIZATION'S SPECIFIC NEEDS.
Explore All Services
Explore Incident Response Services
* Incident ResponseManage and mitigate security incidents with systematic
response services
* Managed Detection and Response24/7 SOC Operations for Check Point + 3rd
party solutions, 24/7 response
* Digital ForensicsComprehensive investigation and analysis of cyber
incidents and attacks
* See All Incident Response Services >
INFINITY GLOBAL SERVICES
FIND THE RIGHT END-TO-END CYBERSECURITY SERVICE SOLUTIONS TAILORED TO MEET
YOUR ORGANIZATION'S SPECIFIC NEEDS.
Explore All Services
Explore Managed Security Services
* SOC-as-a-ServiceLeverage SOC expertise to monitor and manage the security
solutions
* Network Security and NOC-as-a-ServiceManagement of IT network and
firewall infrastructure
* Cloud & ITAccess to managed cloud and IT technologies, expertise, and
resources
* Managed Firewall as a ServiceSimplify data center workflow orchestration
and scale up on demand
* See All Managed Security Services >
INFINITY GLOBAL SERVICES
FIND THE RIGHT END-TO-END CYBERSECURITY SERVICE SOLUTIONS TAILORED TO MEET
YOUR ORGANIZATION'S SPECIFIC NEEDS.
Explore All Services
Explore Support Services
* Support ProgramsPrograms designed to help maximize security technology
utilization
* Check Point PROProactive monitoring of infrastructure program offerings
* Contact Support
OUR CUSTOMER SUPPORT TEAM IS ONLY A CLICK AWAY AND READY TO HELP YOU 24
HOURS A DAY.
Visit Support Center
* Solutions
* Use Cases
* Hybrid Cloud
* Hybrid Mesh Firewall
* Generative AI
* Zero Trust & Least Privilege
* Developer Security & Operations
* IoT Security Solutions
* Anti-Ransomware
* SD-WAN
* Threat Hunting
* Compliance
* Collaboration Security
* Email Security
* Industry
* Retail
* Financial Services
* Federal Government
* State & Local Government
* Healthcare
* Telco Service Provider
* Education
* Organization Size
* Enterprise
* Small & Medium Business
* Platform
* Infinity Platform
* Platform Overview
* Infinity Services
* Infinity Portal
* Infinity Platform Agreement
* Secure the Network
* Next Generation Firewall (NGFW) Security Gateway
* SD-WAN
* Security Policy and Threat Management
* Internet of Things (IoT)
* Industrial Control System Security Gateways
* Remote Access VPN
* Secure the Cloud
* Cloud Network Security
* Cloud Native Application Protection Platform
* Code Security
* Web Application and API Security
* Secure the Workspace
* Email and Collaboration Security
* Endpoint Security
* Mobile Security
* SASE
* SaaS Security
* Services
* External Risk Management
* Managed Prevention & Response Service
* Extended Prevention & Response
* Secure Automation and Collaboration
* Unified Security Events and Logs as a Service
* AI Powered Teammate
* ThreatCloud AI
* Support & Services
* Strategy & Risk
* External Risk Management
* Cyber Risk Assessment
* Attack Surface & Penetration Testing
* Security Controls Gap Analysis (NIST, CIS)
* Threat Intelligence & Brand Reputation
* Professional Services
* Security Deployment & Optimization
* Advanced Technical Account Management
* Lifecycle Management Services
* Training Programs
* Training & Certifications
* CISO Training
* Security Awareness
* Cyber Park - Cyber Range
* Mind Training Hub
* Incident Response
* Incident Response
* Managed Detection and Response
* Digital Forensics
* Managed Security
* SOC-as-a-Service
* Network Security and NOC-as-a-Service
* Cloud & IT
* Managed Firewall as a Service
* Support
* Support Programs
* Check Point PRO
* Contact Support
* Partners
* Check Point Partners
* Find a Partner
* Channel Partners
* Technology Partners
* MSSP Partners
* AWS Cloud
* Azure Cloud
* Become a Partner
* Overview
* Enrolled Partners
* Partner Portal
* CHECK POINT IS 100% CHANNEL. GROW YOUR BUSINESS WITH US!
Sign Up Now
* More
* Company
* About Us
* Leadership
* Careers
* Investor Relations
* Newsroom
* Learn
* Resource Center
* Customer Stories
* Blog
* Events & Webinars
* Cyber Hub
* Cyber Security Insights
* Check Point Research
* CheckMates Community
* UNVEILING THE FUTURE OF NETWORK SECURITY IN THE ERA OF AI
Watch The Replay
* Search
* Search
* Geo Menu
* Choose your language...
* English (English)
* Spanish (Español)
* French (Français)
* German (Deutsch)
* Italian (Italiano)
* Portuguese (Português)
* Japanese (日本語)
* Chinese (中文)
* Korean (한국어)
* Taiwan (繁體中文)
Toggle Navigation
Blog Home > Harmony > Google Calendar Notifications Bypassing Email Security
Policies
Filter by: Select category Research (596) Security (979) Securing the
Cloud (316) Harmony (200) Company and Culture (38) Innovation (6) Customer
Stories (17) Infinity Security Operations (5) Securing the Network (13)
Partners (10) Connect SASE (10) Email Security (103) Artificial
Intelligence (26) Infinity Global Services (21) Crypto (13) Healthcare (14)
Harmony SASE (14) MSSP (5) Executive Insights (230)
HarmonyDecember 17, 2024
GOOGLE CALENDAR NOTIFICATIONS BYPASSING EMAIL SECURITY POLICIES
ByCheck Point Team
Share
*
*
*
*
*
Google Calendar is a tool for organizing schedules and managing time, designed
to assist individuals and businesses in planning their days efficiently.
According to Calendly.com, Google Calendar is used by more than 500 million
people and is available in 41 different languages.
Due to Google Calendar’s popularity and efficiency in everyday tasks, it is no
wonder it has become a target for cyber criminals. Recently, cyber security
researchers at Check Point, have observed cyber criminal manipulation of
dedicated Google tools – namely Google Calendar and Google Drawings. Many of the
emails appear legitimate because they appear to directly originate from Google
Calendar.
Cyber criminals are modifying “sender” headers, making emails look as though
they were sent via Google Calendar on behalf of a known and legitimate
individual. Roughly 300 brands have been affected by this campaign thus far,
with cyber researchers observing over 4,000 of these phishing emails in a four
week period.
THREAT OVERVIEW
As noted previously, these phishing attacks initially exploited the
user-friendly features inherent in Google Calendar, with links connecting to
Google Forms.
However, after observing that security products could flag malicious Calendar
invites, cyber criminals evolved the attack to align with the capabilities of
Google Drawings.
CYBER CRIMINAL MOTIVES
At the heart of this campaign, cyber criminals aim to fool users into clicking
on malicious links or attachments that allow for the theft of either corporate
or personal information.
After an individual unwittingly discloses sensitive data, the details are then
applied to financial scams, where cyber criminals may engage in credit card
fraud, unauthorized transactions or similar, illicit activities. The stolen
information may also be used to bypass security measures on other accounts,
leading to further compromise.
For both organizations and individuals, these types of scams can prove extremely
stressful, with long-term, deleterious effects.
ATTACK EXECUTION TECHNIQUES
As noted previously, the initial emails include a link or the calendar file
(.ics) with a link to Google Forms or Google Drawings.
Users are then asked to click on another link, which is often disguised as a
fake reCAPTCHA or support button.
After clicking on the link, the user is forwarded to a page that looks like a
cryptocurrency mining landing page or bitcoin support page.
These pages are actually intended to perpetrate financial scams. Once users
reach said page, they are asked to complete a fake authentication process, enter
personal information, and eventually provide payment details.
The phishing attack shown below initially began with a Google Calendar invite.
Some of the emails do really look like calendar notifications, while others use
a custom format:
Initial phishing attack email example
If the guests were known contacts, a user might believe the ruse, as the rest of
the screen looks relatively ordinary:
Google Calendar set-up
BLOCKING THIS ATTACK
For organizations that want to safeguard users from these types of phishing
threats and others, consider the following practical recommendations:
* Advanced email security solutions. Solutions like Harmony Email &
Collaboration can effectively detect and block sophisticated phishing
attempts – even when they manipulate trusted platforms, like Google Calendar
and Google Drawings.
High-caliber email security solutions include attachment scanning, URL
reputation checks, and AI-driven anomaly detection.
* Monitor the use of third-party Google Apps. Leverage cyber security tools
that can specifically detect and warn your organization about suspicious
activity on third-party apps.
* Implement strong authentication mechanisms. One of the most important actions
that security administrators can take consists of implementing Multi-Factor
Authentication (MFA) across business accounts.
Further, deploy behavior analytics tools that can detect unusual login
attempts or suspicious activities, including navigation to
cryptocurrency-related sites.
For individuals who are concerned about these scams reaching their personal
inboxes, consider the following practical recommendations.
* Remain wary of fake event invites. Does the invite have unexpected
information on it or request that you complete unusual steps (i.e., CAPTCHA)?
If so, avoid engaging.
* Carefully examine incoming content. Think before you click. Hover over links
and then type the URL into Google for the purpose of accessing the website –
a safer approach than otherwise.
* Enable two-factor authentication. For Google accounts and other repositories
of sensitive information, enable two-factor authentication (2FA). If your
credentials are compromised, 2FA can prevent criminals from accessing a given
account.
When asked for comment, Google stated, “We recommend users enable the “known
senders” setting in Google Calendar. This setting helps defend against this type
of phishing by alerting the user when they receive an invitation from someone
not in their contact list and/or they have not interacted with from their email
address in the past.”
In 2025, upgrade your email security solution. Speak with an expert today and
get a Harmony Email & Collaboration demo.
0 78
YOU MAY ALSO LIKE
Harmony November 18, 2024
BEYOND TRUST: REVOLUTIONIZING MSSP SECURITY WITH A ZERO TRUST FRAMEWORK
Introduction The cyber security landscape is evolving at breakneck speed, ...
Harmony September 30, 2024
CHECK POINT HARMONY ENDPOINT: STRATEGIC LEADER IN REAL-WORLD ENDPOINT PROTECTION
In the ever-evolving landscape of cybersecurity, theoretical protection is not
...
Harmony September 26, 2024
CHECK POINT SOFTWARE TECHNOLOGIES: A VISIONARY APPROACH TO WORKSPACE SECURITY
In today’s rapidly evolving digital landscape, businesses face unprecedented
cybersecurity ...
Harmony August 6, 2024
SECURING DATA IN THE AI ERA: INTRODUCING CHECK POINT HARMONY ENDPOINT DLP
In today’s digital landscape, data is the lifeblood of organizations. ...
* COMPANY
* About Us
* Careers
* Leadership
* Newsroom
* Legal
* Trust Center
* Investor Relations
* Merchandise Store
* Contact Us
* TECHNICAL RESOURCES
* User Center Sign In
* Advisories
* Threat Map
* Threat Wiki
* URL Categorization
* App Wiki
* EXPAND & LEARN
* Resource Center
* Cyber Hub
* Check Point Research
* Check Point Blog
* CheckMates Community
* Customer Stories
* SUPPORT & SERVICES
* Support Center
* Infinity Global Services
* IGS Portal
* * Contact Sales
* North America:
* +1-866-488-6691
* International:
* +44-125-333-5558
* Contact Support
* North America:
* +1-888-361-5030
* International:
* +44-114-478-2845
--------------------------------------------------------------------------------
Follow Us
YOU DESERVE THE BEST SECURITY™ ©1994- 2024 Check Point Software Technologies
Ltd. All rights reserved.
Copyright | Privacy Policy | Cookie Settings | Get the Latest News
This website uses cookies in order to optimize your user experience as well as
for advertising and analytics. For further information, please read our Privacy
Policy and ourCookie Notice.
Cookies Settings Reject All Accept
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
Allow All
MANAGE CONSENT PREFERENCES
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Back Button
PERFORMANCE COOKIES
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Reject All Confirm My Choices