
Gmail Calendar Alert Phishing : Gmail and Google Calendar Alerts
Gmail Calendar Alert Phishing alerts used for phishing scams have become more sophisticated by taking advantage of the trust people place on these platforms. Here’s a summary of those recent results:
Calendar Invite Phishing: Cybercriminals abuse Google Calendar to send phishing emails disguised as calendar invites Calendar invites are typically harmless, but these emails should be treated with suspicion as they may contain links to malicious sites or requests for sensitive information disguised as legitimate calendar events. Attackers, for example, could fake calendar invites asking users to click on links to phoney Google Forms or Google Drawings, where they are then asked to enter personal or financial information.
If an event is added to your events (they may have included a link), it could be automatically added to your calendar. Scammers send calendar invites with embedded phishing links. Provided users haven’t changed their settings, those events are then automatically added to their calendars, which can prompt alerts that might seem legitimate, increasing the chances of users clicking on the harmful links.
Impersonation and Brand Abuse: These types of attacks generally impersonate popular brands, and cyber researchers have recorded the mimic of some 300 brands in such schemes. That makes these emails seem more legitimate, as they look like they’ve come directly from Google Calendar.
Mitigation: To defend against these scams, Google said users should turn on the “known senders” setting in Google Calendar. This setting will notify users whenever they receive an invite from someone who is not in their contact list or with whom they have not used email before. It would also allow users to configure settings to only display accepted invitations, which means an attacker cannot automatically add an unwanted entry.
However, over the past couple of weeks security specialists and posts on X (formerly Twitter) have warned of these phishing tactics and the need to ramp-up security settings on Google Calendar to stave off such attacks.
And users need to make sure to not automatically allow unknown people to add events to their calendar, she said, as well as to review any and all unexpected calendar invites, especially those requesting personal or financial information. Never put sensitive details behind unsolicited calendar events or emails, unless you can confirm the person or entity is legitimate.
No Comment! Be the first one.