Scams by Appointment: Exploiting Google Calendar Invites
Using calendar invites to bypass SEGs.
What is the attack?
Attack Delivery: Scammers exploited Google Calendar's notification system to send invites that bypass email security policies. These invites contain links to Google Drawings, which include a clickable image of a fake Google CAPTCHA. Clicking the image redirects victims to a fraudulent Bitcoin mining website.
Why did it get through?
Verified Source: Email sent from a domain passing SPF/DMARC sender authentication checks.
Content Analysis: Email security tools often fail to scrutinize calendar invite notifications or URLs embedded within event descriptions.
Legitimate Hosting: The document was hosted on a legitimate Adobe Creative Cloud site, lending it an appearance of authenticity.
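The content-analysis gap above can be narrowed by parsing the `text/calendar` part of a message and pulling URLs out of the event fields. The following is an added example, not code from the original page or from any vendor; the sample message, the `WATCHLIST` entries and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message: an invite whose DESCRIPTION is folded mid-URL.
SAMPLE_EML = (
    "From: sender@example.com\r\nSubject: Invitation: Account review\r\n"
    'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    "--b1\r\nContent-Type: text/plain\r\n\r\nYou have been invited.\r\n"
    '--b1\r\nContent-Type: text/calendar; method=REQUEST; charset="utf-8"\r\n\r\n'
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Account review\r\n"
    "DESCRIPTION:Verify here: https://docs.google.com/drawings/d/EXAMPLE\r\n"
    " -ID/preview\\nThanks\r\n"
    "LOCATION:https://meet.example.org/room\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n--b1--\r\n"
)

# Assumption: (host, path prefix) pairs a reviewer wants surfaced.
WATCHLIST = {("docs.google.com", "/drawings/")}
URL_PROPS = {"DESCRIPTION", "LOCATION", "URL"}

def ics_urls(ics_text):
    """Return URLs found in the event fields of an iCalendar body."""
    # RFC 5545 folds long lines as CRLF + space/tab; unfold before matching.
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)
    urls = []
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z-]+)([;:].*)", line)
        if not m or m.group(1).upper() not in URL_PROPS:
            continue
        # Undo iCalendar text escapes (\n, \, \; \\) so URLs end cleanly.
        value = re.sub(r"\\(.)",
                       lambda e: "\n" if e.group(1) in "nN" else e.group(1),
                       m.group(2))
        urls += re.findall(r"https?://[^\s<>\"]+", value)
    return urls

def calendar_links(raw_eml):
    """Return (url, on_watchlist) for every URL in text/calendar parts."""
    findings = []
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() != "text/calendar":
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, errors="replace")
        for url in ics_urls(text):
            u = urlsplit(url)
            hit = any(u.hostname == h and u.path.startswith(p) for h, p in WATCHLIST)
            findings.append((url, hit))
    return findings
```

Unfolding before matching matters: a URL split across a folded line would otherwise be truncated and miss the watchlist check.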
What is required to solve for this attack?
Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
Content Analysis and Natural Language Processing: Abnormal understands the email's content, recognizing the urgency and financial implications as indicators of a financially themed attack.