Google is great. It offers a lot of useful services for free. And those services are tightly integrated so they work well together.
Google services are also used by a lot of people. According to an article on Forbes.com, “Google’s Gmail email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a billion times from the Play Store”
Now, the tight integration between Google apps is being exploited by hackers to target users with phishing attacks. According to the article, “Security researchers working at Kaspersky [found that] users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications.”
The problem is that anyone can use Google Calendar to schedule a meeting with anyone else. Gmail, which is tightly integrated with Google Calendar, receives notification of the invitation. According to Kaspersky, “Google services often send email notifications to Gmail inboxes — and Google’s antispam module avoids flagging notifications from its own services as spam.” And therein lies the problem, which threat actors have been quick to jump on.
Google doesn’t natively protect Google users from phishing attacks that use Google services to deliver the attack. That’s a problem for about a billion people. And it’s not just limited to Gmail and Google Calendar. Exploits have been found in
- Google Photos,
- Google Forms,
- Google Drive,
- Google Storage and
- Google Analytics.
Using these non-traditional attack methods is how hackers bypass people’s natural defenses to deliver phishing attacks. And there’s no amount of awareness training that’s going to change that.
If you use Google services and are worried about phishing attacks, you should look into protecting yourself with cloud-based phish protection technology that works with all email services, including Gmail. You should look into Phish Protection’s Advanced Threat Defense. It’s fast and affordable. Try it free for 30 days.