New Phishing Scam Found On Google Calendar, But You Can Protect Yourself

Ravi Singh


Attackers have come up with a new technique to steal users’ information by sending a phishing link via an unexpected tool – Google Calendar.

Phishing scam was once the most typical types of cyberattacks. Besides proactive action from email services to automatically recognize and flag suspicious phishing links, users’ awareness in this issue has also improved, making them avoid clicking on any link sent to the email that announces they have just won something.

Unfortunately, attackers have come up with a new technique to steal users’ information by sending a phishing link via an unexpected tool – Google Calendar. Kaspersky Labs’ security experts have figured out that victims could receive event invitations including phishing links via the free calendar service.

A new phishing scam has been discovered on Google Calendar

When someone sends an event invitation, it is automatically added to the calendar of the receiver in the default settings. This also triggers an email notification about the event entry being added to the calendar. We all know that Gmail can recognize any phishing link from distrustful email addresses. However, the point is that it causes no doubt here since the email comes from a Google service.

As Kaspersky reported, attackers have taken advantage of this default feature for their evil purpose since May. Google Calendar users would be notified when there is a new event added. In most cases, the user who receives that notification tends to click on that link. According to Kaspersky’s research, the majority of phishing links would lead to a fake site to harvest users’ private information.

After accessing the link, they might be required to fill in a survey running prize money. When they finish the survey, that fraudulent website would ask them to provide their credit card number with personal information such as full name, email address, and phone number.

Google cannot detect this scam as the invitations come from its own service

How To Protect Yourself From Phishing Scam Via Google Calendar Invitations?

In fact, to avoid becoming a victim of this phishing scam is not something too difficult. First of all, do not click on any random link from an unknown account at all costs. This way you can avoid most of the phishing scams.

In addition, Google Calendar users can also protect themselves from unwanted invitations by changing its default settings. In Google Calendar, go to Settings, click Event Settings, and then choose Automatically Add Invitations. From the drop-down list, choose "No, only show invitations to which I've responded." Next, choose the Also option from View Options, untick “Show declined events”. This step would prevent those malicious events from appearing on your calendar.

Last but not least, try not to provide personal information for any forum or website, especially those abnormal messages sent to your mailbox informing that you have won something.

Next Story