CATEGORIES
home News

New Phishing Scam Puts Nefarious Links Into Google Calendar

by Shane McGlaunMonday, June 17, 2019, 03:45 PM EDT

Anyone with a modicum of security sense knows that if you get an email that looks suspicious, you don't click on any included links. Most people also know to watch out for phishing scams that come in via social networks -- phishing attacks are expected in these mediums. What many might not expect is to run across phishing links in their Google Calendar.

google andorid smartphone

Hackers have realized that they can take advantage of default calendar settings to plant their own events that are tainted with phishing links onto a user's computer. Since Google Calendar entries have notifications tied to them, the user gets notifications that seem legitimate and can lead to the user clicking through to a nefarious link and giving up information that can result in further attacks.

The attack was discovered by Kaspersky researchers who note that most of the phishing entries they have seen have links to fake surveys with short descriptions. The researchers specifically note descriptions like "You've received a cash reward," or "There's a money transfer in your name."

Some of the the links ask for credit card information and for the user to send a small amount of money for a chance to win a more significant amount. The phishing attackers can also set the notification in the calendar to send the same message many times until the user clicks the link or deletes the invitation. Kaspersky researchers say that the delivery method is "quite new" and growing.

The novel part of the attack is how many people can be messaged by the attackers all at once. Google Calendar users can protect themselves by changing some of their settings. This is done by opening Google Calendar settings on a desktop browser. Then go to Event Settings -> Automatically Add Invitations and select "No, only show invitations to which I've responded." Researchers also suggest turning off "Show Declined Events" under View Options. In May, Google started offering replacements for its Titan security key after it was discovered that the keys could be hacked.

Tags:  Google, Phishing, (nasdaq:goog), google calendar
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment