It feels like another day, another scam, as thousands of Gmail users are reportedly being targeted by hackers. With Google Calendar being available in 41 different languages and used by over 500 million people, a security breach could lead to major ramifications.
Security researchers at Check Point warn that cybercriminals are targeting Google tools like Google Calendar and Google Drawings. When it comes to Google Calendar, they're using calendar invites and the calendar file .ics to try and steal your personal data. This is working a little too well because Gmail users trust Google Calendar notifications.
It all starts when you receive a legitimate-looking calendar invite and press 'accept'. Without knowing, you've just let hackers into your personal life.
Advert
After being taken through to a Google Forms or Google Drawings Link, you're then fooled with a fake reCAPTCHA or support button.
You're told to look out for what looks like a cryptocurrency mining landing page or Bitcoin support page where you're asked to complete a faked authentication process, input your details, and then payment information.
The scam email involves cybercriminals modifying 'sender' headings to masquerade as an official Google Calendar invite from a 'known and legitimate individual'.
Check Point reports that around 300 brands have been affected, with over 4,000 phishing emails being delivered in just four weeks.
Advert
As these emails look like they originate from Google Calendar, it's easy to fall for the scam.
By clicking on malicious links or attachments, we're giving hackers an open door into everything from personal details to financials. Check Point writes: "After an individual unwittingly discloses sensitive data, the details are then applied to financial scams, where cyber criminals may engage in credit card fraud, unauthorized transactions or similar, illicit activities.
"The stolen information may also be used to bypass security measures on other accounts, leading to further compromise."
Advert
It might seem easy to avoid this kind of scam when it comes to inputting financials, but we all know it's not difficult to get caught up in these schemes.
Thankfully, there's a relatively simple way to get around this, with Check Point advising us to turn on the 'known senders' setting: "This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."
To enable the 'known senders' setting, open Google Calendar and head to the Settings menu. Under general, select Event Settings and Add invitations to my calendar.
Choose the 'only if the sender is known option - "Events are automatically added to your calendar if the sender is in your contacts, part of your organization, or someone you previously interacted with."
Advert
As email scams become more sophisticated, we have to remain more vigilant than ever. If something seems a little suspicious, it's better to be safe than sorry.