Google Calendar Phishing, the Latest Breakthrough of Scam
Cybercriminals always find breakthrough to defraud, steal money, and obtain data from their victims. Who would have thought this time they take advantage of the Google Calendar feature to launch their actions. How does the modus operandi work?
First, the perpetrators sent blast invitations through Google Calendar to users. Through the invitation, the perpetrators embed an URL link and encourage users to click it. The link redirects the users to a website where they are encouraged to fill in a questionnaire with prizes. The questionnaire requires the users to provide credentials and personal data.
The modus looks pretty simple. However, if the users fall to the fraudulent scenario, then it will be disasters for them. The perpetrator will use such data to rob their money or to launch other fraudulent scenarios.
“The ‘calendar scam’, is a very effective scheme, as currently people have more or less got used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose of organizing information rather than transferring it,” said Maria Vergelis as quoted from Kaspersky’s press release.
Fortunately, users can protect themselves from fraudulent invitation without deleting Google Calendar by following these steps:
– Enter Google Calendar
– Select Settings
– In Event settings, see option ‘Automatically add invitations,’ then select “No, only show invitations to which I’ve responded.”
– In the View option, make sure that “Show declined events” is unchecked
Photo by: Keso/Flickr