Phishing with Google Calendar

Graham Cluley
Graham Cluley
@[email protected]

As you know, one of the challenges that phishers face in defrauding you out of your username, passwords and – ultimately – cash, is how can they convince you that they are legitimate?

I’m indebted to Clu-blog reader Pete who sent me details of an unusual phishing email he received earlier this week, which goes further than many in attempting to pull the wool over your eyes.

Pete, who uses Google Calendar, received the following in his email inbox.

Unlike many phishing emails it included his real name alongside his email address, and looked identical to a genuine Google Calendar invite.

And that’s because it is a genuine Google Calendar invitation to an event (just like you might receive one to a friend’s barbecue or New Year’s Eve cocktail party). And sure enough clicking on the link in the email takes you to a “real event” in your Google Calendar,…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.