CHICAGO — Cybersecurity experts are warning that scammers are exploiting popular Google services like Gmail, Calendar, and Meet to launch sophisticated phishing attacks, targeting unsuspecting users with fake invites and meeting links.
The new scam strategy involves embedding malicious links into Google Calendar invites and Google Meet links, which can be automatically added to users’ calendars or appear as seemingly legitimate notifications.
“We see a triple threat targeting Google users specifically through Google Meet invites and Google itself,” said Gerald Kasulis, a Chicago-based expert with Nord Security.
How the Scam Works
The deceptive process often begins with users receiving fraudulent calendar invites, which may appear authentic due to Google’s automatic invite settings.
-
These invites often contain malicious links, prompting users to click and unknowingly download malware.
-
Once clicked, the malware can harvest sensitive personal data, including login credentials and financial information.
Additionally, some scammers go a step further by impersonating Google support engineers, urging users to reset their accounts via fake links, which leads to further compromise.
“When you click in, you’re going to download malware that exposes your personal information,” Kasulis said.
“This is not Google’s fault. It’s just cybercriminals going after the platform that we trust.”
Google’s Response And Protections
Google has acknowledged the issue and said it is actively working to shut down malicious actors as they’re reported.
-
New Google consumer accounts now have the “Known Senders Setting” automatically enabled in Google Calendar.
This feature restricts calendar invites from unfamiliar users, blocking spam invites before they show up. -
Gmail’s AI-powered filters are already in place, designed to block 99.9% of phishing and spam attempts before they hit inboxes.
Google has reiterated that Google Meet was built with privacy and abuse-prevention tools, but users should remain vigilant.
What You Can Do
Cybersecurity experts and Google recommend the following safety tips:
-
Enable “Known Senders” setting in Google Calendar.
-
Do not click on links from unfamiliar calendar invites or Meet links.
-
Never reset your account password via links received in unsolicited emails or messages.
-
Report suspicious messages or invites directly to Google.
“The scams are getting more sophisticated,” Kasulis noted. “People need to stay alert, even when dealing with trusted platforms.”
A Larger Pattern
The phishing scheme adds to a growing number of digital scams that leverage the credibility of well-known tech platforms. Cybercriminals continue to exploit user trust, knowing that services like Google are deeply embedded in daily life.
The rise in such targeted scams also underscores the need for digital literacy, especially among users who may not be aware of auto-accept calendar features or the dangers of clicking unfamiliar links.
Have you received suspicious Google invites or links lately?
Let us know how you handle online scams in the comments below. Your story could help others stay protected.
