PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Watch Out: That Google Calendar Invite Might Contain Malicious Links

Around 300 brands have fallen victim to a financial scam that dupes people into clicking links on slightly altered Google Calendar invites, according to a study from Check Point.

Jibin Joseph
 & Jibin Joseph Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Idrees Abbas/SOPA Images/LightRocket via Getty Images)

Cybercriminals are now modifying the "sender" headers of Google Calendar invites to lure you into clicking malicious links, according to a study from Check Point.

Typically, when you receive a Google Calendar invite in your inbox, you'll see the sender's name and the email subject containing event details. If you open the email, you'll find more details and a link to the event. According to Check Point, malicious actors are now posing as legitimate contacts just by modifying the sender's name. At first, this isn't easy to spot since the emails appear to be coming directly from Google Calendar

Once a user takes the bait, opens the email, and clicks on a dubious link, they are redirected to a fake reCAPTCHA or support button. They are then asked to complete a fake authentication process and provide personal and payment details on what looks like a Bitcoin support page. The sensitive information is then used to carry out unauthorized transactions and, more importantly, to bypass login on other accounts. 

Given the awareness around cybersecurity, one might think most people wouldn't fall for these tricks. However, Check Point, which has observed over 4,000 of these phishing emails, around 300 brands have already been affected by this campaign in just over four weeks. 

Recommended by Our Editors

Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Craigslist Founder Teams Up With a Muppet to Persuade People to Stop Clicking on Scams
Craigslist Founder Teams Up With a Muppet to Persuade People to Stop Clicking on Scams

They recommend enabling the known senders setting in Google Calendar so that you receive an alert every time an unknown sender shares an invite. To do that, head over to Google Calendar, click Settings (gear icon at the top), pick Event Settings, click on the drop-down menu next to "Add invitations to my calendar," and set it to "Only if the sender is known."

Other precautionary measures include carefully examining the email content. Do not engage if the email contains incomplete or suspicious information. If you find a link, don't click on it or copy it. Search the web for mentions of the URL; scammers often mask anchor text with malicious links. Finally, it is recommended that multi-factor authentication be enabled on all kinds of online accounts and that activities on third-party Google apps be constantly monitored.

For more cybersecurity tips, check out our detailed guides on ways to avoid phishing and other types of scams.

About Our Expert

Jibin Joseph

Jibin Joseph

Contributor

Jibin is a tech news writer based out of Ahmedabad, India. Previously, he served as the editor of iGeeksBlog and is a self-proclaimed tech enthusiast who loves breaking down complex information for a broader audience.

Read the latest from Jibin Joseph

Read full bio