Cybercriminals always find breakthrough to defraud, steal money, and obtain data from their victims. Who would have thought this time they take advantage of the Google Calendar feature to launch their actions. How does the modus operandi work?

First, the perpetrators sent blast invitations through Google Calendar to users. Through the invitation, the perpetrators embed an URL link and encourage users to click it. The link redirects the users to a website where they are encouraged to fill in a questionnaire with prizes. The questionnaire requires the users to provide credentials and personal data.

Read More:

Phishing: How Fraudsters Hack Your Companies through Your Employees

Email Business Compromise (BEC) Increases by 28%, Is Your Company Safe?

The modus looks pretty simple. However, if the users fall to the fraudulent scenario, then it will be disasters for them. The perpetrator will use such data to rob their money or to launch other fraudulent scenarios.

“The ‘calendar scam’, is a very effective scheme, as currently people have more or less got used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose of organizing information rather than transferring it,” said Maria Vergelis as quoted from Kaspersky’s press release.

Fortunately, users can protect themselves from fraudulent invitation without deleting Google Calendar by following these steps:
– Enter Google Calendar
– Select Settings
– In Event settings, see option ‘Automatically add invitations,’ then select “No, only show invitations to which I’ve responded.”
– In the View option, make sure that “Show declined events” is unchecked

Photo by: Keso/Flickr