Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say: a security threat leverages Gmail. Unfortunately, it isn’t unheard of, as a phishing scam has been leveraging Gmail and its cooperation with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Total Tech Care a call at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 02 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices Hardware IT Services Disaster Recovery Android VoIP communications Communication IT Support Business Continuity Smartphones Smartphone Miscellaneous Mobile Device Small Business Network Browser Collaboration Productivity Cybersecurity Quick Tips Users Business Management Managed IT Services Upgrade Windows Phishing Outsourced IT Ransomware Data Backup Windows 10 Office Data Recovery Server Save Money Cloud Computing Passwords Windows 10 Virtualization Tech Term Social Media Saving Money Holiday Gadgets Chrome Automation Managed IT Services Microsoft Office Managed Service Computers Facebook Cybercrime Operating System Artificial Intelligence BYOD Mobile Device Management Health Networking IT Support Internet of Things Hacking Wi-Fi Information Technology Remote Managed Service Provider Spam Alert Information Office 365 Covid-19 Telephone Systems Recovery Employer-Employee Relationship Router Bandwidth BDR Social Engineering Mobility App History Mobile Computing Encryption Applications Data Breach Application Human Resources Law Enforcement Big Data Remote Monitoring Password Money Office Tips Data Storage Patch Management Training VPN Government Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Managed IT Apps Marketing Wireless WiFi Vulnerability IT solutions Windows 7 Word Entertainment Website Gmail Budget Google Drive Settings Servers Two-factor Authentication Avoiding Downtime Data Security Mouse HaaS Bring Your Own Device Data Management Work/Life Balance Infrastructure Flexibility Voice over Internet Protocol Conferencing End of Support The Internet of Things Employee/Employer Relationship Education Physical Security Lithium-ion battery Scam RMM Safety Data Protection USB HIPAA Sports Redundancy Firewall Keyboard Vendor Management Virtual Reality Apple Social Telephone System Staff Software as a Service User Error Save Time Machine Learning Meetings Connectivity Remote Work Vendor Managed Services Cleaning Display Risk Management Hacker Battery Augmented Reality Hard Drive DDoS Shadow IT Fraud Legal Business Intelligence SharePoint Remote Worker Printer Bluetooth Audit Internet Exlporer Worker Computing IT Management Cryptocurrency Botnet Customer Service PDF Environment IT Plan Comparison IT Consultant Fax Server Proactive IT CES Digital Signage Unsupported Software Best Practice SaaS Humor YouTube Charger Black Market Content Management Business Technology Access Control Compliance Procurement OneNote Computer Care Network Congestion Virtual Assistant Current Events Workplace Strategy Net Neutrality eWaste Document Management Telephony Authentication Wireless Technology Samsung Help Desk Solid State Drive How to Downtime Printing Value Data storage Update Managed Services Provider Wearable Technology Automobile Spam Blocking Electronic Medical Records Hard Drives Retail Database Virus Instant Messaging Google Docs Robot Computing Infrastructure Excel Hiring/Firing Identity Theft Unified Threat Management Going Green Remote Workers Computer Accessories Biometrics Processor Virtual Desktop Laptop Assessment Password Manager Computer Tips Managed IT Service Security Cameras Techology Password Management Biometric Security Windows Server 2008 Cameras Customers Multi-Factor Security Virtual CIO OneDrive Peripheral Audiobook Tools Search Engine Twitter Science Touchpad Television Business Mangement Digital Security Cameras Using Data NIST 5G Smart Tech Trending Copiers Quick Tip Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction Amazon Analyitcs Public Computer Recycling Ergonomics Smartwatch OLED Regulations Wiring Printer Server Programming Practices Notifications Transportation Development PCI DSS Virtual Machine Computer Fan Cache Rootkit Amazon Web Services Criminal 2FA Fiber Optics Employee Safe Mode Cabling Antivirus GDPR Relocation Workers Hosted Computing Benefits Messaging Policy Hypervisor FENG Wireless Internet Windows 8 Online Shopping IBM Dark mode Trend Micro IT service Video Games File Sharing Default App Worker Commute Flash Camera Inventory Smart Technology Specifications SMS Procedure Saving Time Experience Wire Tablet Evernote Supercomputer Travel dark theme Shopping Google Search Domains Scalability Software Tips IT Infrastructure Business Owner Sync Printers Emails Millennials AI FinTech IaaS Bing Maintenance Smart Office NarrowBand Wireless Charging Search Bloatware Social Network Consultant Investment Virtual Private Network Analytics iPhone Netflix Two Factor Authentication Workforce Tablets Cables Employees Employee/Employer Relationships Root Cause Analysis Best Available ISP HBO Entrepreneur Knowledge Music Windows 365 Video Conferencing WIndows 7 ROI Skype Project Management Files Nanotechnology Telecommuting Chromecast Cortana Sales Bitcoin Shortcuts Shortcut Data loss Cryptomining Outlook Cost Management Leadership Digital Signature Troubleshooting Point of Sale Personal Supply Chain Management Start Menu Warranty Social Networking Colocation Uninterrupted Power Supply Loyalty Google Apps Monitoring Batteries Screen Mirroring HVAC Frequently Asked Questions Monitor Analysis Books Windows 8.1 Digitize User Windows Server 2008 R2 Running Cable Mobile Administrator PowerPoint Windows 10s Devices Windows Media Player Memory Customer relationships Cast Enterprise Content Management Manufacturing Tip of the week MSP Reputation webinar Accountants Streaming Media Emergency Email Best Practices IT Assessment Managing Stress Content Professional Services Microchip Public Cloud Thought Leadership Tech Support Employer Employee Relationship Credit Cards

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code