1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Important 1.5 Billion Gmail Calendar Users are the Target of a Crafty New Phishing Scam

Discussion in 'General Malware And Security' started by Rustys, Jul 1, 2019.

  1. Rustys

    Rustys Super-Moderator Super Moderators

    Joined:
    Feb 29, 2016
    Messages:
    1,526
    Location:
    127.0.0.1
    Operating System:
    Linux Based
    Computer Brand or Motherboard:
    Compaq H3900 (Windows 2002)
    CPU:
    Intel (R) PXA250
    Memory:
    64 MB RAM 48 MB ROM
    Hard Drive:
    Yes
    Graphics Card:
    4 D
    Power Supply:
    Solar
    Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

    In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick user into clicking phishing links.

    Here’s how it works:

    Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it’s pointing you back to meet.google.com for more details. Once clicked, it’s back to the usual tactics of trying to infect the user’s endpoint with malware and so on.

    b46e2713826c675a72e4bcdb77d22a12.png


    This kind of attack has a massive attack surface, given the number of users utilizing Google’s Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

    Users have long been warned about their interaction with email and the web. Now it’s important to add Calendar invites to the list. Organizations utilizing Security Awareness Training have users that are continually up to date on the latest attack types. This latest method demonstrates how attackers are continually updating their tactics, requiring organizations to remain equally persistently educated to enable users to make smarter security decisions.
     

Share This Page