Hackers Exploit Gmail & Calendar—Switch to Passkeys Now!
Published On: December 18, 2024
Gmail and Google Calendar are once again in the spotlight as cybercriminals exploit these platforms with increasingly complex tactics. Recent reports highlight new threats targeting users and up to 300 businesses through malicious calendar invites and phishing emails, raising alarms about the evolving techniques hackers are using to steal sensitive information.
Cybersecurity experts warn of a growing trend of abuse of Google Calendar’s invitation feature. Attackers need only a Gmail address to send fraudulent event invites, which automatically appear on users’ calendars. These invites often include links directing victims to fake cryptocurrency pages or phishing sites disguised as support pages.
To counter these attacks, users are urged to tweak their Google Calendar settings. Turning off the “automatically add invitations” feature and disabling automatic event additions from Gmail are key steps to blocking these threats. While these changes may reduce calendar functionality, the added security is worth the trade-off.
Phishing emails are becoming more subtle. Hackers have started embedding malicious links in calendar invites to bypass traditional email security filters. These phishing emails often appear to come from legitimate sources, tricking users into disclosing sensitive data. One tactic involves manipulating the link hover text in Gmail. This allows attackers to make malicious URLs appear legitimate, increasing the likelihood of user clicks. Experts advise using mobile or desktop email applications, which offer better link visibility compared to web browsers.
Google recommends users switch to passkeys, a stronger alternative to traditional 2FA methods like SMS codes. The tech giant also encourages users to perform regular security audits using their Security Check-Up tool and consider enrolling in their Advanced Protection Program for enhanced security.
As cyberattacks become more sophisticated, combining tools like VPNs with Google’s security features provides a more comprehensive defense. Experts recommend using a reputable VPN alongside enabling multi-factor authentication, disabling automatic calendar event additions, and regularly monitoring account activity to stay ahead of evolving threats. By integrating VPNs into their digital habits, users can better protect their personal and professional information, ensuring that even if hackers attempt to breach their security, they hit an encrypted wall.