Are you part of the 1.5 billion people that use Google’s Gmail and Calendar services? If you are, security researchers working at Kaspersky have said that you could be at risk for falling victim to a new scam that involves a credential-stealing attack.
The Scam Explained
Kaspersky released a statement this week which said that after analyzing both Google Calendar and Gmail they have discovered that users are receiving unsolicited notifications that include a link to a phishing URL. If you click on the link, you are brought to a malicious site where your credit card credentials could be stolen if you key them into the website.
The hackers populate the location and topic fields so it announces a phony online poll or questionnaire and offers a financial incentive if you take part, then the hackers encourage you to follow a malicious link where bank account or credit card details can be collected.
The issue centres on a feature in Google Calendar and Gmail that permits hackers to create a calendar event where you’ll automatically receive a notification about it. However, the report highlights that the most interesting part of the scam is that the hackers aren’t using traditional email for it—instead, they’re using the calendar app to catch people off guard.
How to Stay Safe
The best way to protect yourself is to make sure you don’t click on any links sent to you from someone you don’t know or anyone that creates an invite in your calendar without your prior knowledge.
Also, make sure that you never share your personal information on a site unless you know it’s trustworthy and you can confirm that it’s real. Even though it’s hard to be 100% sure, try not to enter any sensitive data to sites that seem suspicious.
Last but certainly not least, disable the feature that automatically adds calendar invitations to your Google Calendar. That will immediately prevent hackers from targeting you. You can do this by going to the “Event Settings” menu in Google Calendar and turning off the “automatically add invitations” option by turning on the “only show invitations to which I’ve responded” instead.
Kaspersky also advises you to leave the “Show declined events” in the View Options section unchecked. You can do that by going to your Calendar and selecting the Gear Icon at the top. Then, select Event Settings and click “No, only show invitations to which I’ve responded” under the drop-down menu.
Fortunately, Kaspersky has said that although the scam is worrisome, it’s easy to avoid by updating these Google’s settings.
Sources:
- https://www.forbes.com/sites/daveywinder/2019/06/11/new-security-warning-issued-for-googles-1-5-billion-gmail-and-calendar-users/#44c76a7d565e
- https://www.inc.com/don-reisinger/hackers-are-targeting-15-billion-gmail-calendar-users-heres-what-you-can-do-to-protect-yourself.html
- https://www.digitalinformationworld.com/2019/06/spam-through-google-services.html
