Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to enjoy some level of inherent trust among users. We just don’t anticipate threats coming in via something from Google. However, it does happen, as a recent spate of phishing using Gmail and Google Calendar has shown. What’s worse, this particular scam has been around for some time.

We’ll review how the scam works, and what can be done to protect your business from its effects. 

How This Scam Works

Let’s outline the scenario: a user logs into their Google account and finds an invite for a Google Calendar event. The invite is for a crucial company-wide meeting - apparently to discuss a new vision for the company, changes to policies moving forward, that kind of thing - that is scheduled to take place at the end of the day. A link is included for the complete agenda to the meeting. Clicking the link brings the user to an authentication page, where the user inputs their credentials.

Uh oh… the user was caught up in the scam.

This scam is unnervingly simple to enact. An invite for a calendar event is sent to a user, the event is automatically added to their calendar, and the user is notified. In that notification, a scammer includes fraudulent links to a facsimile Google login page - which is actually just a means for a hacker to steal the user’s credentials. Sometimes, this link will just allow malware to install itself on the user’s systems.

Some attackers have fooled personal users by claiming that they won a cash prize - informing them through the fraudulent calendar entry.
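As an added example (not part of the original article), the pattern described above can be checked mechanically when triaging a reported invitation: the Python below parses a constructed iCalendar invite, then flags an outside organizer and any link whose host is not a genuine Google domain. `OWN_DOMAIN`, `TRUSTED_SUFFIXES` and every host in the sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample invitation (RFC 5545 iCalendar); every name and host is made up.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Company-wide meeting: new vision and policy changes\r\n"
    "ORGANIZER;CN=HR Team:mailto:hr@mail-example.test\r\n"
    "DESCRIPTION:Full agenda: https://accounts.google.com.login-example.test/a\r\n"
    " genda\\nBackground: https://calendar.google.com/calendar/r\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)
TRUSTED_SUFFIXES = ("google.com",)  # assumption: hosts accepted as genuine Google pages
OWN_DOMAIN = "example.test"         # assumption: the company's own mail domain

def properties(ics):
    """Map property name -> value, undoing line folding and dropping parameters."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # folded lines continue after CRLF + space
    props = {}
    for line in unfolded.splitlines():
        head, sep, value = line.partition(":")
        if sep:
            props.setdefault(head.split(";")[0].upper(), value)
    return props

def is_trusted(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(ics):
    """Report whether the organizer is external and which links leave trusted hosts."""
    props = properties(ics)
    external = not props.get("ORGANIZER", "").lower().endswith("@" + OWN_DOMAIN)
    text = props.get("DESCRIPTION", "").replace("\\n", " ").replace("\\,", ",")
    findings = []
    for url in re.findall(r'https?://[^\s<>"]+', text):
        host = urlsplit(url).hostname or ""
        if not is_trusted(host):
            # A trusted brand name inside an untrusted host matches the fake-login pattern.
            lookalike = any(s.split(".")[0] in host.lower() for s in TRUSTED_SUFFIXES)
            findings.append((host, "lookalike" if lookalike else "untrusted"))
    return {"external_organizer": external, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE_ICS))
```

The check compares the full host name against the trusted suffix, so a host that merely begins with `accounts.google.com` is still reported.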

How This Was Discovered

This scam was actually first reported back in 2017 by researchers at an IT security firm, but no apparent steps to resolve it were taken by Google.

One of the researchers noticed that an unfamiliar event had been added to their Calendar when another user at the firm shared an upcoming flight itinerary through Gmail. The event had been added to the researcher’s calendar automatically. Digging deeper into the implications of this accident, the firm realized that an email doesn’t need to be sent to add an event to someone’s calendar. Then came the thought: sure, we all know to look for phishing in our emails, but would we ever question a Calendar entry?

As the firm’s tests indicated: apparently not.

How to Help Stop This Scam

While Google is still working on a fix - after finally acknowledging the issue, that is - there are a few things that your users can do to help prevent this scheme from taking advantage of your business. They need to disable any events from Gmail being added to the Calendar automatically, and they also need to disable any event invitations from being automatically added as well.

These options can be found in Settings in the Google Calendar application. Under Event settings, deselect the option for Events from Gmail to “Automatically add events from Gmail to my calendar.” You also need to change the Automatically add invitations option to “No, only show invitations to which I have responded.”

Hopefully, enacting this will keep you from experiencing a phishing attack from an unexpected source - your agenda. Subscribe to our blog for more information about optimizing your IT (and its security), and for more assistance, give 415 IT a call at (415) 295-4898.
