1.5 Billion Gmail Calendar Users Succumb To Crafty New Phishing Scam


Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick user into clicking phishing links.

Here’s how it works:

Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it’s pointing you back to meet.google.com for more details.

Once clicked, it’s back to the usual tactics of trying to infect the user’s endpoint with malware and so on.

This kind of attack has a massive attack surface, given the number of users utilizing Google’s Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

Users have long been warned about their interaction with email and the web. Now it’s important to add Calendar invites to the list. Organizations that use security awareness training have users that are continually up to date on the latest attack types. This latest method demonstrates how attackers are always updating their tactics, requiring you to be equally persistent and enable your users to make smarter security decisions. Link to warning:
https://blog.knowbe4.com/1.5-billion-gmail-calendar-users-are-the-target-of-a-crafty-new-phishing-scam