A recent warning from security researchers cautions people against opening or responding to unsolicited Google Calendar notifications.
Around the world, 1.5 billion people use Gmail, and nearly as many people have downloaded the calendar app from the Google Play Store.
Hackers have turned to calendar invites as an attack vector because trust and familiarity with the format prompt people to mindlessly accept invitations. A meeting invite means that someone has something important to say to you, right? Seems like a no-brainer. Wrong.
Within the invitations, hackers have been sending users phony links that direct people towards malicious sites.
“In most cases, users who clicked on the link saw an opportunity to win a “prize” if they input their payment information into the page. When that happened, the only “prize” was a stolen credit card number”
Communicating with your colleagues and employees about these attacks will reduce the likelihood of their falling victim to the ruse. Things to mention include:
- Do not click on links from unknown sources. If you do not know the person, and there seems to be no reason for the email (you’re not planning to work with an NGO overseas in the upcoming months…etc.), toss it in your spam folder or delete it.
- Unless you can verify that a website is legitimate (ex. it has accreditation from the Better Business Bureau), do not disclose personal information on the internet.
- Most importantly, disable the feature that automatically adds calendar invitations to your Google Calendar, minimizing your vulnerability as an attack target.
Get the full story from Forbes.