Everyone is pretty familiar with how to spot a phishing email these days, but are even savvy users ready for risks from an entirely different source? Kaspersky was the first to uncover a recent trend in scams, with savvy scammers using Google Calendar invites to plant phishing scams into unsuspecting users’ inboxes.
How is it happening?
Google Calendar allows events and invitations to be automatically synched into your calendar from your inbox, letting sophisticated phishing emails populate users’ calendars with embedded links that redirected to scammer sites looking to collect credit card or other personal user data.
Targeted users are encouraged to fill out the information with the promise of cash, money transfers or other incentives if they share their information, and these auto-added events can trigger ongoing reminders and notifications that come through Google, making it harder for users to spot the scam.
“In most of the cases observed, the user was redirected to a website that featured a simple questionnaire and offered prize money upon completion,” says Kaspersky’s release. “To receive the prize, the user was asked for a ‘fixing; payment, for which they need to enter their credit card details and add some personal information, including their name, phone number and address. Instead of being used to deliver the prize, this information went straight to the scammers who can exploit it to steal the victim’s money or identity.”
How can you avoid it?
Thankfully, the fix here is fairly straightforward. From a desktop computer, users can head into the Google Calendar settings, dig into their Event Settings and select the “No, only show invitations to which I’ve responded” option under Automatically Add Invitations. Cut down on any repeated notifications by also unchecking the Show Declined Events option.
Users accessing their Gmail accounts from smartphones are particularly vulnerable here, and all users should be particularly suspicious of links leading back to meet.google.com.
How can we help?
The overarching lesson here is that the security of your data, networks and email servers are more important than ever. If you’re worried about your security or just want to make sure you’re protected, we’re here to help. Get in touch today and let us customize end-to-end security solutions to keep your business protected.