Google Calendar vulnerable to phishing link scams

Image of a phone with google calendar open

Google Calendar vulnerable to phishing link scams

Image of a phone with google calendar open

If you see an unfamiliar notification on your Google Calendar, don’t be too quick to click on the link.


You could fall victim to a new form of phishing attack, warns cybersecurity expert Kaspersky Lab.


Cybercriminals are reportedly luring unsuspecting Google users to click on links sent to them via the Calendar feature, exposing them to a variety of cyber threats. Kaspersky notes that it observed attacks targeting victims throughout May.


The criminals reportedly abuse a specific feature of the calendar that adds events and invitations automatically.


Users supposedly received pop-up Calendar notifications, and the report shows that in some cases, the victims are redirected to a website that offers money in exchange for the users to complete an online questionnaire. In order to receive the prize, the victims are asked to enter their credit card and other personal details.


However, not only do these victims not receive the prize money, their details are possibly sent to scammers who could steal the victims’ money or identity, says the report.


“The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, security researcher at Kaspersky in a statement.


“But this may not be the case when it comes to the Calendar app, which has a main purpose to organise information rather than transfer it.


“So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time. The good news is that it’s fairly easy to avoid such a scam,” she said.


Vergelis added that the feature that enables it can be easily turned off in the Calendar settings.


To do so, open Google Calendar, head to Settings and choose Event Settings. Select “No” for the “automatically add invitations” option and select “No, only show invitations to which I’ve responded”.


Also make sure that the “Show declined events” under the View Options section is not selected.


Source: The Star


Many people that may use google calendar could be at risk of a phishing scam. The attacker would send an invite to your email address and it would automatically add entries to your calendar that contain links to a page requesting or your credit card information or any other personal information.  Luckily this can be prevented by adjusting your event settings and setting “automatically add invitations” to “No, Only show invitations to which I’ve responded”.


Click here to learn more about Managed Services Australia.


Visit our Technology Centre and make your first purchase with us today!


Nicholas Guarnaccia
No Comments

Post a Comment