Millions of Google Calendar users are urged to make one change to their account to protect themselves from cyber criminals posing as legitimate people or companies
More than 500 million of us use Google Calendar to feel organised in this ever-so chaotic world. It’s a convenient tool, one that allows users to quickly schedule their work and personal meetings, manage their time better, and make sure they never forget those important dates.
However, the app’s sheer popularity also means it’s a prime target for fraudsters and hackers, who have sent out thousands of phishing emails in recent months to obtain personal information – including your bank details. Researchers over at Check Point found that cyber criminals are modifying ‘sender’ headers to make emails appear as though they’re coming from Google Calendar on behalf of a ‘known and legitimate individual’. In a period of just four weeks, it’s believed 300 brands had been imitated in a sample of 4,000 phishing emails.
“At the heart of this campaign, cyber criminals aim to fool users into clicking on malicious links or attachments that allow for the theft of either corporate or personal information,” the software company wrote. “After an individual unwittingly discloses sensitive data, the details are then applied to financial scams, where cyber criminals may engage in credit card fraud, unauthorised transactions or similar, illicit activities. The stolen information may also be used to bypass security measures on other accounts, leading to further compromise.”
Google Calendar scam – how it works
Users will receive an email which includes a link or the calendar file (.ics) with a link to either a Google Form or Google Drawings. Remember, this may look legitimate and not arise any suspicion. Recipients are then instructed to click onto another link. According to Check Point, this is often ‘disguised as a fake reCAPTCHA or support button’.
“After clicking on the link, the user is forwarded to a page that looks like a cryptocurrency mining landing page or bitcoin support page,” the tech experts explained. “These pages are actually intended to perpetrate financial scams. Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details.”
How to block the Google Calendar scam
Always remain vigilant and do not accept calendar invites, especially if you’re suspicious something isn’t right. Google also recommends switching on the ‘known senders’ setting in Google Calendar which will flag if they receive an invitation from someone who isn’t in their contact list and/or they have not interacted with from their email address in the past. If this alert shows even though the invite looks like it’s from someone you know and trust – it’s likely phishing.
Have you been affected by the Google Calendar scam? Email liam.gilliver@reachplc.com for a chance to share your story
