Contact Us Today! 1-844-237-4300

Central Technology Solutions Blog

Don’t Be Snagged by This Google Calendar Phishing Scam

Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spat of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.

We’ll review how the scam works, and what can be done to protect your business from its effects. 

How This Scam Works

Let’s outline the scenario: a user logs into their Google account and finds an invite for a Google Calendar event. The invite is for a crucial company-wide meeting - apparently to discuss a new vision for the company, changes to policies moving forward, that kind of thing - that is scheduled to take place at the end of the day. A link is included for the complete agenda to the meeting. Clicking the link brings the user to an authentication page, where the user inputs their credentials.

Uh oh… the user was caught up in the scam.

This scam is unnervingly simple to enact. An invite is sent to a user for a calendar event, which is automatically added, and the user notified. In that notification, a scammer includes fraudulent links to a facsimile Google login page - which is actually just a means for a hacker to steal the user’s credentials. Sometimes, this link will just allow malware to install itself on the user’s systems.

Some attackers have fooled personal users by claiming that they won a cash prize - informing them through the fraudulent calendar entry.

How This Was Discovered

This scam was actually first reported back in 2017 by researchers at an IT security firm, but no apparent steps to resolve it were taken by Google.

One of the researchers noticed that an unfamiliar calendar event had been added to their Calendar when another user at the firm shared an upcoming flight itinerary through Gmail. However, the event was automatically added to the researcher’s calendar. Digging deeper into the implications this accident brought up, the firm realized that an email doesn’t need to be sent to add an event to someone’s calendar. Then came the thought: sure, we all know to look for phishing in our emails, but would we ever question a Calendar entry?

As the firm’s tests indicated: apparently not.

How to Help Stop This Scam

While Google is still working on a fix - after finally acknowledging the issue, that is - there are a few things that your users can do to help prevent this scheme from taking advantage of your business. They need to disable any events from Gmail being added to the Calendar automatically, and they also need to disable any event invitations from being automatically added as well.

These options can be found in Settings in the Google Calendar application. Under Event settings, deselect the option for Events from Gmail to “Automatically add events from Gmail to my calendar.” You also need to change the Automatically add invitations option to “No, only show invitations to which I have responded.”

Hopefully, enacting this will keep you from experiencing a phishing attack from an unexpected source - your agenda. Subscribe to our blog for more information about optimizing your IT (and its security), and for more assistance, give Central Technology Solutions a call at 1-844-237-4300.

Cybersecurity Insurance Gaining Steam
How to Keep Your Employees from Burning Out


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, August 05 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Join our mailing list!

  • Company Name *
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Productivity Cloud Data Hosted Solutions Privacy Network Security IT Services Data Backup Email Internet Malware Hackers Software IT Support Efficiency Business Outsourced IT Innovation Microsoft Mobile Devices Productivity Computer Hardware Data Recovery Managed IT Services Small Business Upgrade Business Continuity IT Support Google Backup Cloud Computing Cybersecurity Ransomware Collaboration Phishing Smartphone Tech Term User Tips Communication Managed IT Services Business Management Workplace Tips Managed Service Provider Disaster Recovery VoIP Windows 10 Mobile Device Internet of Things Managed Service Smartphones Android Data Management Quick Tips Social Media Paperless Office Remote Monitoring Network Facebook Browser Encryption Saving Money Managed IT communications Office 365 Windows 10 Windows Artificial Intelligence Server Save Money Miscellaneous Business Technology Virtualization BDR BYOD Wi-Fi Compliance Covid-19 Holiday Risk Management Passwords Help Desk Users Healthcare Vendor Management Health Office Remote Work Government Password Document Management Microsoft Office Apps Mobile Device Management Automation App Windows 7 Training Big Data Chrome Laptops Bring Your Own Device Robot Going Green Employer-Employee Relationship Bandwidth Unified Threat Management Applications Data Security Analytics Gmail Content Filtering Recovery Firewall Avoiding Downtime IT Management Redundancy Mobility File Sharing Tip of the week Money Data storage Scam Blockchain Computing Project Management Antivirus Telephone Systems SaaS Regulations Hosted Solution Information Technology Infrastructure Website Wireless Computers Data loss Vulnerability Storage Information Two-factor Authentication Apple Processor Company Culture Customer Service Machine Learning RMM Unified Communications Virtual Reality Tablet Meetings Proactive Access Control VPN Files Downtime Budget Employee-Employer Relationship IT Service Customer Relationship Management Printing Operating System Virtual Private Network Politics Work/Life Balance Remote Computing Hard Drive Settings Software as a Service IoT Router Flexibility OneDrive Maintenance Social Gadgets Professional Services Managed Services Word Search Solid State Drive Recycling Current Events Wireless Technology Legal Utility Computing Consulting Upgrades Internet Exlporer Twitter Spam HIPAA Remote Worker WiFi YouTube Cooperation Managed Services Provider Mobile Security Display Bitcoin Time Management Networking End of Support Patch Management Management Administration Private Cloud Remote Monitoring and Management Education Outlook Social Network Tech Support Data Breach LiFi Mouse Monitors Mobile Office Alert Network Management Electronic Medical Records Remote Workers File Management Assessment IT solutions Dark Web Digital Payment Augmented Reality Google Drive How To Websites Identity Theft Server Management How To Samsung Payment Cards The Internet of Things Business Growth Licensing Consultation Sports Uninterrupted Power Supply Electronic Health Records Smart Technology Mobile Computing Data Storage Co-Managed IT Chromebook Monitoring Employees Net Neutrality Hacker Black Market Gadget Superfish Conferencing Microsoft Excel Modem Deep Learning Wireless Internet Business Telephone Automobile Computer Care Asset Tracking Multi-Factor Security Wearable Technology User Management Cyberattacks Distributed Denial of Service Annual Convention CRM Manufacturing Optimization Bluetooth MSP Printer Alerts Writing Security Cameras Emoji Comparison Identity Remote Working Transportation Mobile VoIP GPS Proactive IT Development Zero-Day Threat Alt Codes Network Congestion Biometric Spyware Course Cryptocurrency Virtual Assistant Vendor Managing Stress Instant Messaging Cookies Computer Repair Employer/Employee Relationships IT Assessment Shortcut OneNote Google Calendar Retail Cortana Batteries Crowdsourcing Firefox eWaste Read Only Managed IT Service San Diego Physical Security Hard Disk Drives Virtual Machines Supercomputer Tech Terms History Specifications Hacks 3D Printing Cyber security Tracking Heating/Cooling IT Consulting Cables Backup and Disaster Recovery Typing Projects Gamification G Suite IT Technicians Wasting Time Processors Smart Devices Taxes Enterprise Content Management Finance Permissions Nanotechnology Best Practice Proactive Maintenance Digitize WannaCry Google Maps Legislation ROI Break Fix Social Networking Office Tips Solid State Drives Credit Cards IT Budget Hacking Theft SharePoint Staff Cabling Cost Management E-Commerce Black Friday Roanoke — Central Technology Solutions Peripheral Unsupported Software Teamwork Virus Servers Wires Human Error Unified Threat Management Hotspot Update Return on Investment Mirgation Windows 8 Save Time Database Sensors Vulnerabilities Authentication Fraud Screen Reader Database Management Shadow IT Connectivity Virtual Desktop Social Engineering Notes USB Point of Sale Enterprise Resource Planning Bookmarks Motherboard Options Holidays Disaster Trending WPA3 Financial Downloads Identities Cybercrime Mail Merge Features Cyber Monday technology services provider PCI DSS Mobile Data Shared resources Windows Server 2008 Technology Laws Permission User Error Language Active Directory Migration Outsource IT Voice over Internet Protocol Telephony Touchscreen Techology Geography Authorization Smart Tech Google Wallet GDPR Outsourcing Sync VoIP Sponsor Safety PowerPoint Value of Managed Services Law Enforcement Lenovo Mobile Favorites Data Warehousing Dark Data Personal Information 5G IT Public Cloud Fleet Tracking Procurement Operations Hard Drives Google Docs Travel Marketing Address Cache Technology Assurance Group ’s 18 Humor Botnet Statistics Test Computing Infrastructure Windows Server Technology Tips Chatbots Laptop Backups Notifications Telephone Buisness Disaster Resistance High-Speed Internet Drones Video Conferencing Mobile Device Managment Digital Software Tips Obstacle Star Wars Cameras Motion Sickness CCTV Administrator Hard Disk Drive Relocation Students Webcam Emergency Printers CrashOverride IT Consultant Error Web Server Regulation