Central Technology Solutions Blog

Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to enjoy some level of inherent trust among users. We just don’t anticipate threats coming in via something from Google. However, it does happen, as a recent spate of phishing using Gmail and Google Calendar has shown. What’s worse, this particular scam has been around for some time.

We’ll review how the scam works, and what can be done to protect your business from its effects. 

How This Scam Works

Let’s outline the scenario: a user logs into their Google account and finds an invite for a Google Calendar event. The invite is for a crucial company-wide meeting - apparently to discuss a new vision for the company, changes to policies moving forward, that kind of thing - that is scheduled to take place at the end of the day. A link is included for the complete agenda to the meeting. Clicking the link brings the user to an authentication page, where the user inputs their credentials.

Uh oh… the user was caught up in the scam.

This scam is unnervingly simple to enact. An invite is sent to a user for a calendar event, which is automatically added, and the user is notified. In that notification, a scammer includes fraudulent links to a facsimile Google login page - which is actually just a means for a hacker to steal the user’s credentials. Sometimes, this link will just allow malware to install itself on the user’s systems.

Some attackers have fooled personal users by claiming that they won a cash prize - informing them through the fraudulent calendar entry.
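
The pattern described above (an invite from an unfamiliar organizer whose description links to a login page) can be checked for in exported calendar data. The following Python is an added example, not part of the original post; the company domain, the link allowlist and the sample invites are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed values for illustration (not from the original post).
INTERNAL_DOMAIN = "example.com"
TRUSTED_HOSTS = ("example.com", "meet.google.com", "calendar.google.com")

# Constructed sample export; the second event mirrors the scenario above.
SAMPLE_ICS = """BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=HR Team:mailto:hr@example.com
SUMMARY:Quarterly planning
DESCRIPTION:Join at https://meet.google.com/abc-defg-hij
END:VEVENT
BEGIN:VEVENT
ORGANIZER;CN=Management:mailto:ceo@mail.invalid
SUMMARY:Company-wide meeting
DESCRIPTION:Full agenda: https://accounts.login-check.invalid/sign
 in?next=agenda
END:VEVENT
END:VCALENDAR
"""

def parse_events(ics_text):
    """Return one dict of upper-cased property name -> value per VEVENT."""
    # RFC 5545 unfolding: a line break followed by one space/tab is a continuation.
    lines = re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()
    events, current = [], None
    for line in lines:
        name, _, value = line.partition(":")
        key = name.split(";", 1)[0].upper()     # drop parameters such as ;CN=
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None:
            current[key] = value
    return events

def flag_invites(ics_text):
    """Flag events from outside organizers that link to hosts off the allowlist."""
    findings = []
    for ev in parse_events(ics_text):
        organizer = ev.get("ORGANIZER", "").lower().split("mailto:")[-1]
        urls = re.findall(r"https?://[^\s<>\"']+", ev.get("DESCRIPTION", ""))
        bad = sorted({h for h in (urlparse(u).hostname or "" for u in urls)
                      if not any(h == t or h.endswith("." + t) for t in TRUSTED_HOSTS)})
        if organizer.rpartition("@")[2] != INTERNAL_DOMAIN and bad:
            findings.append((ev.get("SUMMARY", ""), organizer, bad))
    return findings
```

Calling `flag_invites(SAMPLE_ICS)` reports only the second event. Hosts are matched exactly or as subdomains of an allowlisted name, so a lookalike that merely begins with a trusted name is still flagged.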

How This Was Discovered

This scam was actually first reported back in 2017 by researchers at an IT security firm, but no apparent steps to resolve it were taken by Google.

One of the researchers noticed that an unfamiliar calendar event had been added to their Calendar when another user at the firm shared an upcoming flight itinerary through Gmail. However, the event was automatically added to the researcher’s calendar. Digging deeper into the implications this accident brought up, the firm realized that an email doesn’t need to be sent to add an event to someone’s calendar. Then came the thought: sure, we all know to look for phishing in our emails, but would we ever question a Calendar entry?

As the firm’s tests indicated: apparently not.

How to Help Stop This Scam

While Google is still working on a fix - after finally acknowledging the issue, that is - there are a few things that your users can do to help prevent this scheme from taking advantage of your business. They need to disable any events from Gmail being added to the Calendar automatically, and they also need to disable any event invitations from being automatically added as well.

These options can be found in Settings in the Google Calendar application. Under Event settings, find Events from Gmail and deselect “Automatically add events from Gmail to my calendar.” You also need to change the Automatically add invitations option to “No, only show invitations to which I have responded.”

Hopefully, enacting this will keep you from experiencing a phishing attack from an unexpected source - your agenda. Subscribe to our blog for more information about optimizing your IT (and its security), and for more assistance, give Central Technology Solutions a call at 1-844-237-4300.
