Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Total Tech Care Blog Security
0 Comments
How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say: a security threat leverages Gmail. Unfortunately, it isn’t unheard of, as a phishing scam has been leveraging Gmail and its cooperation with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Total Tech Care a call at 866-348-2602.

Tweet
Tags:
Security Email Phishing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 24 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Google Business Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications Smartphones IT Support Communication Business Continuity Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Cybersecurity Quick Tips Users Business Management Managed IT Services Windows Upgrade Phishing Outsourced IT Ransomware Data Backup Windows 10 Cloud Computing Office Data Recovery Server Save Money Passwords Windows 10 Chrome Tech Term Virtualization Social Media Saving Money Holiday Gadgets Managed Service Microsoft Office Automation Managed IT Services Operating System Facebook Computers Cybercrime Artificial Intelligence Hacking BYOD Internet of Things Health Mobile Device Management Networking IT Support Wi-Fi Office 365 Covid-19 Telephone Systems Information Technology Alert Remote Information Managed Service Provider Spam Social Engineering Mobility Router Recovery Employer-Employee Relationship BDR Bandwidth Big Data Money Encryption App Applications History Data Breach Mobile Computing Law Enforcement Application Human Resources Remote Monitoring Password Apps Data Storage Patch Management Office Tips Training VPN Government Private Cloud Remote Computing Blockchain Managed IT Paperless Office How To Mobile Office Infrastructure Voice over Internet Protocol Vulnerability Windows 7 Flexibility Wireless Google Drive Word Marketing WiFi Servers IT solutions Gmail Entertainment Website Avoiding Downtime Budget Settings Data Security Two-factor Authentication Mouse Bring Your Own Device HaaS Data Management Work/Life Balance Meetings Vendor Managed Services End of Support Conferencing Display Risk Management Education Physical Security Hacker Safety Scam HIPAA Sports The Internet of Things Redundancy Employee/Employer Relationship Lithium-ion battery Data Protection RMM Keyboard Vendor Management USB Firewall Virtual Reality Apple Save Time Telephone System Social Staff Software as a Service Machine Learning User Error Cleaning Remote Work Connectivity Hiring/Firing Managed Services Provider Wearable Technology Google Docs Hard Drives Identity Theft Retail Database Battery Instant Messaging Robot Excel Shadow IT Virus Remote Workers Legal Biometrics Processor Augmented Reality Virtual Desktop Unified Threat Management Internet Exlporer Business Intelligence Computer Accessories Fraud Audit Worker Hard Drive DDoS Remote Worker PDF IT Management SharePoint Cryptocurrency Botnet Proactive IT IT Plan Printer Computing Bluetooth Best Practice Unsupported Software Comparison Customer Service YouTube Environment Black Market Charger CES Fax Server Compliance Digital Signage Computer Care IT Consultant Document Management Business Technology Content Management OneNote Current Events SaaS Solid State Drive Access Control Wireless Technology How to Downtime Telephony Samsung Virtual Assistant Humor Procurement Authentication Network Congestion Data storage Workplace Strategy Net Neutrality Value eWaste Automobile Help Desk Spam Blocking Printing Electronic Medical Records Computing Infrastructure Update Going Green HVAC Cost Management Reputation Mobile Google Apps Point of Sale Streaming Media Windows 10s Personal Cryptomining WIndows 7 Supply Chain Management Content Social Networking Analysis Tech Support Cast Laptop Tip of the week Monitoring webinar Batteries Emergency Administrator Techology Devices Enterprise Content Management Customers Professional Services Windows 8.1 Public Cloud Digitize Employer Employee Relationship Assessment Windows Server 2008 R2 Running Cable Audiobook MSP Accountants Memory Touchpad Windows Server 2008 Credit Cards Customer relationships Microchip Thought Leadership Manufacturing User Password Management PowerPoint Tools Password Manager Windows Media Player Email Best Practices IT Assessment Television Politics Advertising Multi-Factor Security Twitter Computer Tips Managed IT Service Search Engine Security Cameras Biometric Security Managing Stress NIST Business Mangement Virtual CIO Notifications OneDrive Trending Peripheral Public Computer Smart Tech Science Addiction Cameras Regulations Amazon Digital Security Cameras Using Data Transportation 5G Relocation Recycling Computer Fan Copiers Rootkit Quick Tip Distributed Denial of Service Wiring Customer Relationship Management Practices Cache Analyitcs Amazon Web Services Ergonomics Workers Benefits Smartwatch Video Games OLED Worker Commute Safe Mode Programming Criminal FENG Development PCI DSS IBM Virtual Machine Experience GDPR Hosted Computing Wireless Internet Printer Server Flash Online Shopping 2FA Fiber Optics Smart Technology Employee Scalability Cabling Antivirus Business Owner File Sharing Messaging Software Tips Specifications Policy Supercomputer Hypervisor Camera Inventory Windows 8 NarrowBand Wire Sync Evernote Dark mode Emails Trend Micro IT service Search Default App iPhone Travel SMS Millennials Procedure Saving Time Printers Tablet Smart Office Wireless Charging dark theme Netflix Shopping Two Factor Authentication Google Search Domains IT Infrastructure Files Root Cause Analysis AI Chromecast HBO Workforce FinTech Knowledge IaaS Music Virtual Private Network Bing Maintenance Bloatware Skype Cables Social Network Investment Colocation Uninterrupted Power Supply Data loss Tablets Outlook Telecommuting Employees Leadership Employee/Employer Relationships Troubleshooting Project Management Consultant Nanotechnology Analytics Entrepreneur Monitor Start Menu Cortana Windows 365 ISP Loyalty ROI Digital Signature Screen Mirroring Video Conferencing Frequently Asked Questions Sales Bitcoin Books Warranty Shortcuts Best Available Shortcut

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code