Have any question?

Text or Call (954) 573-1300

Blog

LSeven Solutions Blog

LSeven Solutions has been serving the Fort Lauderdale area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be Snagged by This Google Calendar Phishing Scam

Don’t Be Snagged by This Google Calendar Phishing Scam

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spat of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.

We’ll review how the scam works, and what can be done to protect your business from its effects. 

How This Scam Works

Let’s outline the scenario: a user logs into their Google account and finds an invite for a Google Calendar event. The invite is for a crucial company-wide meeting - apparently to discuss a new vision for the company, changes to policies moving forward, that kind of thing - that is scheduled to take place at the end of the day. A link is included for the complete agenda to the meeting. Clicking the link brings the user to an authentication page, where the user inputs their credentials.

Uh oh… the user was caught up in the scam.

This scam is unnervingly simple to enact. An invite is sent to a user for a calendar event, which is automatically added, and the user notified. In that notification, a scammer includes fraudulent links to a facsimile Google login page - which is actually just a means for a hacker to steal the user’s credentials. Sometimes, this link will just allow malware to install itself on the user’s systems.

Some attackers have fooled personal users by claiming that they won a cash prize - informing them through the fraudulent calendar entry.

How This Was Discovered

This scam was actually first reported back in 2017 by researchers at an IT security firm, but no apparent steps to resolve it were taken by Google.

One of the researchers noticed that an unfamiliar calendar event had been added to their Calendar when another user at the firm shared an upcoming flight itinerary through Gmail. However, the event was automatically added to the researcher’s calendar. Digging deeper into the implications this accident brought up, the firm realized that an email doesn’t need to be sent to add an event to someone’s calendar. Then came the thought: sure, we all know to look for phishing in our emails, but would we ever question a Calendar entry?

As the firm’s tests indicated: apparently not.

How to Help Stop This Scam

While Google is still working on a fix - after finally acknowledging the issue, that is - there are a few things that your users can do to help prevent this scheme from taking advantage of your business. They need to disable any events from Gmail being added to the Calendar automatically, and they also need to disable any event invitations from being automatically added as well.

These options can be found in Settings in the Google Calendar application. Under Event settings, deselect the option for Events from Gmail to “Automatically add events from Gmail to my calendar.” You also need to change the Automatically add invitations option to “No, only show invitations to which I have responded.”

Hopefully, enacting this will keep you from experiencing a phishing attack from an unexpected source - your agenda. Subscribe to our blog for more information about optimizing your IT (and its security), and for more assistance, give L7 Solutions a call at (954) 573-1300.

Cybersecurity Insurance Gaining Steam
How to Keep Your Employees from Burning Out
 

Comments 1

Deborah Dickson on Tuesday, 22 October 2019 17:35

This is an knowledgeable post. I like it so much and impressed https://awriter.org/edubirdie-com-review/ your work. I want more similar topics about this post for increase our knowledge. Thanks.

This is an knowledgeable post. I like it so much and impressed [url=https://awriter.org/edubirdie-com-review/]https://awriter.org/edubirdie-com-review/[/url] your work. I want more similar topics about this post for increase our knowledge. Thanks.
<br />
<b>Warning</b>:  Attempt to read property /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 20
Guest"/>
Already Registered? Login Here
Friday, 15 November 2024

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 57

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 91

Captcha Image

Customer Login

Customer Feedback

News & Updates

If you feel like you have too many browser tabs open at any given time, then you'll be happy to know that you can sometimes save certain browser tabs as a standalone application on your device. This will give them their own icon and make accessing th...

Contact Us

Learn more about what L7 Solutions can do for your business.

L7 Solutions
7890 Peters Road Building G102,
Plantation, Florida 33324