A new phishing scam that uses Google Calendar is duping innocent users
Phishing scams are common these days. They attack us using the SMS and they attack us using the emails. And some times they even try to take control of our data - primarily the financial data - using the alleged calls from customer care executives. Quite frankly, no one is immune to receiving such unsolicited messages or emails. But thanks to their popularity, everyone knows the drill to safeguard themselves. Just don't click on suspicious emails or links and don't reveal your financial information to anyone and you are good to go. You know this. I know this and even scammers know this. And so now, they are using Google Calendar and similar calendar apps for targeting innocent users.
Security experts at global security firm Kaspersky have found a new type of phishing scam wherein scammers are using Google Calendar for duping innocent users. Kaspersky security experts have detected multiple cases of a phishing scam where the tricksters unsolicited Google Calendar notifications for luring smartphone users into giving away their personal information.
The global security firm said that these attacks involving Google Calendar and similar calendar apps happened all throughout May and they abused a specific feature of the calendar service which adds invitations and events to users' calendars automatically to carry out their fradulent scheme.
"The e-mails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations," Kaspersky wrote in a blogpost. The scamsters would send unsolicited calendar invitations carrying a link to a phishing URL to the users. This would prompt a pop-up notification of the invitation on the user's smartphone screens encouraging users to click on the link.
In most cases, the users were redirected to a website featuring a simple questionnaire with prize money on offer. To receive the prize, users were asked for a "fixing" payment for which they needed to enter their credit card details and additional some personal information. The tricksters would then use this data to steal money or identity of the user.
"The "calendar scam", is a very effective scheme, as currently people have more or less got used to receiving spam messages from e-mails or messengers and do not immediately trust them," Maria Vergelis, security researcher at Kaspersky said in a statement.
The good news is that you don't need extreme measures to dodge this bullet. Just turn off the automatic adding of invites to your Google Calendar app and you are good to go. In case you aren't sure how to do that, just follow these steps:
- Open Google Calendar and click the settings Gear Icon.
- Click on Event Settings.
- For the 'automatically add invitations' option click on the dropdown menu and select 'No, only show invitations to which I've responded'.
- Below this, in the View Options section, make sure 'Show declined events' is NOT checked. And you are good to go!