Total Tech Care Blog

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It almost sounds odd to say that a security threat leverages Gmail. Unfortunately, it isn’t unheard of: a phishing scam has been leveraging Gmail and its integration with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, and the user is notified of it. Fraudulent links in the event send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly onto the targeted system. This scam has also proved effective against private users, informing them through these fake Calendar entries of some fabulous cash prize they’ve “won.”

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google did not take any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t expect phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is being developed as of this writing. Until a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, under “Events from Gmail,” they need to deselect the “Automatically add events to my calendar” option.

To stop event invitations from being added to the Google Calendar automatically, a user needs to go through the same process, this time switching the “Automatically add invitations” option to the much safer “No, only show invitations to which I have responded.”
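
For administrators who also want to triage invite attachments that arrive by email, the following added example (not part of the original article) parses an .ics invite and flags external organizers and links to hosts outside an allowlist. The domain example.com, the allowlist, the finding codes and both sample invites are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions: your own mail domain and the link hosts expected in genuine invites.
INTERNAL_DOMAIN = "example.com"
ALLOWED_HOSTS = {"example.com", "calendar.google.com", "meet.google.com"}
URL_RE = re.compile(r'https?://[^\s<>"\\]+', re.I)

def unfold(ics_text):
    """Undo RFC 5545 folding: a line starting with space/tab continues the previous line."""
    lines = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def host_allowed(host):
    """Exact host or a true subdomain; 'google.com.something.test' does not match."""
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def triage_invite(ics_text):
    """Return (code, detail) findings for one invite; an empty list means nothing was flagged."""
    findings, organizer, urls = [], "", []
    for line in unfold(ics_text):
        name, _, value = line.partition(":")  # simplification: no quoted ':' in parameters
        prop = name.split(";")[0].upper()
        if prop == "ORGANIZER":
            organizer = value.lower().replace("mailto:", "")
        elif prop in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL"):
            urls += URL_RE.findall(value)
    if organizer.rpartition("@")[2] != INTERNAL_DOMAIN:
        findings.append(("external-organizer", organizer or "(none)"))
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if not host_allowed(host):
            findings.append(("unapproved-link-host", host))
            if "google" in host:  # Google branding on a host that is not Google's
                findings.append(("google-lookalike-host", host))
    return findings

# Constructed sample invites (not real traffic); the first folds its link across two lines.
SUSPICIOUS = "\r\n".join([
    "BEGIN:VCALENDAR", "BEGIN:VEVENT", "SUMMARY:Company-wide meeting",
    "ORGANIZER;CN=HR:mailto:hr@example-corp.test",
    "DESCRIPTION:Agenda (sign in to view): https://accounts.google.com.ag",
    " enda-portal.test/signin\\nSee you at 5pm", "END:VEVENT", "END:VCALENDAR"])
LEGIT = "\r\n".join(["BEGIN:VEVENT", "ORGANIZER;CN=Alice:mailto:alice@example.com",
    "DESCRIPTION:Join: https://meet.google.com/abc-defg-hij", "END:VEVENT"])
```

Because the link in the first sample is folded across two lines, a scan that skips the unfolding step would not see the full hostname.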

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Total Tech Care a call at 866-348-2602.

 
