
Aniar IT Services Blog

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar


Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say: a security threat leverages Gmail. Unfortunately, it isn’t unheard of, as a phishing scam has been leveraging Gmail and its cooperation with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.
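As an added example (not part of the original article), here is one way a mail administrator could triage the links inside an invite before a user clicks them: pull every URL out of the message's text/calendar part and report the ones whose host is not a real Google domain. The sample message, the trusted-suffix list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: genuine Google sign-in and Calendar links live under this suffix.
TRUSTED_SUFFIXES = ("google.com",)
# Stops at whitespace, quotes, angle brackets and iCalendar "\n" escapes.
URL_RE = re.compile(r'https?://[^\s<>"\\]+')

# Constructed sample invite; note the DESCRIPTION line is folded (RFC 5545).
SAMPLE_EMAIL = """\
From: hr@example.test
To: user@example.test
Subject: Invitation: Company-wide meeting
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
VERSION:2.0
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:Company-wide meeting
DESCRIPTION:Sign in to view the agenda: https://accounts.google.com.agenda
 -portal.example/login\\nCalendar: https://calendar.google.com/calendar/r
END:VEVENT
END:VCALENDAR
"""

def is_trusted(host):
    """True only if host is a trusted suffix or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def invite_links(raw_email):
    """Return every URL found in the text/calendar parts of an e-mail."""
    urls = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/calendar":
            continue
        ics = part.get_payload(decode=True).decode("utf-8", "replace")
        ics = re.sub(r"\r?\n[ \t]", "", ics)  # undo iCalendar line folding
        urls.extend(URL_RE.findall(ics))
    return urls

def untrusted_links(raw_email):
    """URLs in the invite whose host is not under a trusted suffix."""
    return [u for u in invite_links(raw_email)
            if not is_trusted(urlsplit(u).hostname)]

if __name__ == "__main__":
    for url in untrusted_links(SAMPLE_EMAIL):
        print("review before clicking:", url)
```

The suffix check compares the end of the hostname, so a host that merely begins with accounts.google.com is still reported.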

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google did not take any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t expect phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is being developed as of this writing. Until a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the “Automatically add events to my calendar” option under “Events from Gmail.”

To stop event invitations from being added to Google Calendar automatically, a user needs to go through the same process, this time switching the “Automatically add invitations” option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Aniar IT Services a call at 094 90 48200.
