Aniar IT Services Blog

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say that a security threat leverages Gmail. Unfortunately, it isn’t unheard of: a phishing scam has been leveraging Gmail and its integration with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By abusing Google’s own convenience-based features, an attacker can have a fraudulent calendar event automatically added to a user’s Google Calendar, which then notifies the user. Fraudulent links in the event send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly onto the targeted system. This scam has also proved effective against private users, informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google did not take any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t expect phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Google has now acknowledged the issue, and a fix is being developed as of this writing. Until a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, under Events from Gmail, they need to deselect the option “Automatically add events to my calendar.”

To stop invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the “Automatically add invitations” option to the much safer “No, only show invitations to which I have responded.”
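As an added check alongside those settings (this example is not from the original article or from Google), an administrator could triage exported calendar events in iCalendar (.ics) form for the pattern described above: an outside organizer plus a link to a host where staff should never sign in. The domain, the trusted-host list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed values: your own mail domain and the hosts staff may sign in on.
INTERNAL_DOMAIN = "example.com"
TRUSTED_LINK_HOSTS = {"accounts.google.com", "calendar.google.com", "example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def parse_events(ics_text):
    """Return one dict per VEVENT, after undoing RFC 5545 line folding."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)  # newline + space/tab = continuation
    events, current = [], None
    for line in unfolded.splitlines():
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value  # drop ;CN= style parameters
    return events

def triage(event):
    """Return the reasons, if any, that an event deserves a second look."""
    organizer = event.get("ORGANIZER", "").lower()
    domain = organizer.rsplit("@", 1)[-1] if "@" in organizer else "unknown"
    reasons = [] if domain == INTERNAL_DOMAIN else [f"external organizer: {domain}"]
    text = " ".join(event.get(k, "") for k in ("DESCRIPTION", "LOCATION", "URL"))
    text = re.sub(r"\\[nN]", "\n", text)  # decode the iCalendar newline escape
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_LINK_HOSTS:
            reasons.append(f"link to untrusted host: {host}")
    return reasons

# Constructed sample, not a real invite; the first URL is folded across two lines.
SAMPLE_ICS = """BEGIN:VEVENT
SUMMARY:Company-wide meeting
ORGANIZER;CN=HR:mailto:hr@meetings.invalid
DESCRIPTION:Agenda (sign in to view): https://accounts-google.lo
 gin.invalid/agenda\\nPlease confirm.
END:VEVENT
BEGIN:VEVENT
ORGANIZER:mailto:manager@example.com
DESCRIPTION:Notes: https://calendar.google.com/calendar/r
END:VEVENT
"""
print([triage(e) for e in parse_events(SAMPLE_ICS)])
```

The unfolding step matters: without it, a link split across two physical lines would be checked as a truncated hostname and could be misjudged.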

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Aniar IT Services a call at 094 90 48200.
