Person checking emails on tablet

New Scam Targets Gmail, Calendar Users

New Scam Targets Gmail, Calendar Users

A new security threat is targeting users of Google’s Gmail and Calendar apps with a scam that could potentially expose user credentials and other sensitive information.

Hackers are taking advantage of the two apps’ seamless integration to steal user information. Security experts at Kaspersky have observed multiple cases of users receiving unsolicited calendar notifications that contain malicious links to phishing sites.

This threat shows that even the most popular and trusted applications are vulnerable to attack. More than 1.5 billion people use Gmail, and the Calendar app has been downloaded at the Google Play store more than 1 billion times.

Scammers are taking advantage of Calendar’s ease of use and its integration with Gmail to target victims.

Scam alert on yellow signs

Anyone can schedule a meeting on the calendar of another Google user. Calendar then automatically sends meeting notifications to the users’ Gmail account. Scammers send the invite and include a link to a malicious site, which asks users to enter sensitive information.

“The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, security researcher at Kaspersky. “But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it. So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time. The good news is that it’s fairly easy to avoid such a scam—the feature that enables it can be easily turned off in the calendar settings.”

Shut the door on scammers
To mitigate your risk, turn off the automatic adding of calendar invitations in the Event Setting menu in Google Calendar. Disable the “automatically add invitations” option and enable the option to “only show invitations to which I’ve responded.” You also have the option to uncheck the “Show declined events” in the View Options menu.

Watch your calendar for unexpected or unfamiliar entries and never click a link from an untrusted source. If you’re redirected to a website that you can’t verify is authentic or secure, never enter personal information.

If you’re looking for a reliable security solution that can protect your business from IT threats, Arvig can help.

Related Posts

Scams and Fraud Featured
Phishing Scam Featured