
Scam of the Week – Gmail users hit with crafty Google Calendar Phishing Scam

Cybercriminals are adept at finding new ways to scam us and, according to researchers at Kaspersky, the crooks are using Google Calendar notifications as a means of delivering phishing links.

The crafty scam takes advantage of the Google Calendar setting that automatically pulls events and invites over from a user’s Gmail account.

A seemingly legitimate pop-up notification appears on the user’s smartphone and they are prompted to click on a link to complete a survey or claim a cash reward. Descriptions on the calendar invites include: ‘You’ve received a cash reward’ or ‘There’s a money transfer in your name’.

If the victim clicks on the link, they are redirected to a fake website that features a simple questionnaire. To be in with a chance of winning a prize, they are asked to submit some personal information including their name, address, phone number and bank account details.

Once the crooks have all this sensitive information, they can then use it to clean out the victim’s bank account or commit identity fraud. At the current time, it appears the main aim of the scam is to harvest user details but the links could also be used to deliver malware.

The scam is particularly effective as most users will recognise Google Calendar as a trusted app and not even think twice about questioning the validity of links within calendar invites.

To avoid falling for this type of phishing attack, there are a number of steps you should take:

• Open Google Calendar’s settings on a desktop browser and go to Event Settings > Automatically Add Invitations. Select the option ‘No, only show invitations to which I’ve responded’.

• Under View Options, make sure that ‘Show declined events’ is unchecked.

• Don’t open messages from unknown senders.

• Never accept invitations from someone you don’t know.

• Don’t click on links in messages you weren’t expecting.
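
A defender-side triage of invite data along the lines of the advice above, as an added example that is not part of the original article: it parses iCalendar (.ics) text and flags invites from organisers outside a known-sender list that carry a link or the lure wording quoted earlier. The function names, the sample data and the `known_senders` list are assumptions made for illustration.

```python
import re
# Lure wording quoted in the article; extend it for your own environment.
LURE_PHRASES = ("cash reward", "money transfer")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Constructed sample calendar data (not a real capture).
SAMPLE_ICS = """BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=Rewards Team:mailto:promo@prizes.example
SUMMARY:You've received a cash reward
DESCRIPTION:Complete the survey to claim it:\\n
 https://survey.example/claim
END:VEVENT
BEGIN:VEVENT
ORGANIZER;CN=Alice:mailto:alice@corp.example
SUMMARY:Weekly sync
DESCRIPTION:Agenda at https://wiki.corp.example/sync
END:VEVENT
END:VCALENDAR
"""

def parse_events(ics_text):
    """Return one {property: value} dict per VEVENT, after unfolding lines."""
    # RFC 5545 folding: a line break followed by one space or tab continues the line.
    lines = re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()
    events, current = [], None
    for line in lines:
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value  # drop ;CN=... params
    return events

def triage(ics_text, known_senders):
    """Return (summary, organizer, reasons) for suspicious invites from unknown organizers."""
    findings = []
    for ev in parse_events(ics_text):
        organizer = re.sub(r"^mailto:", "", ev.get("ORGANIZER", "").lower())
        if organizer in known_senders:  # known_senders: lowercase addresses (assumed)
            continue
        text = (ev.get("SUMMARY", "") + "\n" + ev.get("DESCRIPTION", "")).replace("\\n", "\n")
        reasons = [label for label, hit in (
            ("contains link", URL_RE.search(text)),
            ("lure wording", any(p in text.lower() for p in LURE_PHRASES))) if hit]
        if reasons:
            findings.append((ev.get("SUMMARY", ""), organizer, reasons))
    return findings
```

Calling `triage(SAMPLE_ICS, {"alice@corp.example"})` reports only the reward invite; the known colleague's meeting is left alone even though it also contains a link.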

The scam is just another example of how deceptive cybercriminals are becoming in their pursuit to defraud us. As the general population becomes more knowledgeable about the classic signs of a phishing attack, the crooks have had to change tactics and try different methods to avoid detection.

Action Fraud recently announced that they’ve received over a quarter of a million reports of phishing between April 2018 and March 2019, demonstrating just how widespread the cyber threat has become.

Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help your business.
