Google is urging users to enable a setting on their accounts to block worrying new attack.
Hackers have found a crafty new way to attack users, and if you have a Google account, you’d be wise to switch on a simple setting immediately. The latest threat, which has been spotted by the team at Check Point, is taking advantage of those using Google Calendar.
The danger starts with innocuous-looking emails that land in Gmail inboxes with a link that asks to add a date to your calendar.
To make things look more convincing, crooks use popular firms in a bid to trick people – it’s thought some 300 bands have been imitated to date.
If a user is fooled, they could end up handing personal data over to the criminals which can then be used to steal money.
“Due to Google Calendar’s popularity and efficiency in everyday tasks, it is no wonder it has become a target for cyber criminals. Recently, cyber security researchers at Check Point, have observed cyber criminal manipulation of dedicated Google tools – namely Google Calendar and Google Drawings,” Check Point said.
“Many of the emails appear legitimate because they appear to directly originate from Google Calendar.”
It’s a growing threat that shouldn’t be ignored with Check Point saying researches have spotted around 4,000 of these phishing emails in a four week period.
HOW THE SCAM WORKS
• The initial emails include a link or the calendar file (.ics) with a link to Google Forms or Google Drawings.
• Users are then asked to click on another link, which is often disguised as a fake reCAPTCHA or support button.
• After clicking on the link, the user is forwarded to a page that looks like a cryptocurrency mining landing page or bitcoin support page.
• These pages are actually intended to perpetrate financial scams. Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details.
Along with remaining vigilant and not accepting calendar invites, Google recommends switching on the “known senders” setting in Google Calendar.
“We recommend users enable the “known senders” setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past.”