Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Total Tech Care Blog Security
0 Comments
How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say: a security threat leverages Gmail. Unfortunately, it isn’t unheard of, as a phishing scam has been leveraging Gmail and its cooperation with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Total Tech Care a call at 866-348-2602.

Tweet
Tags:
Security Email Phishing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 24 January 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Workplace Tips Backup Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Business Continuity IT Support Smartphones Communication Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Quick Tips Cybersecurity Users Business Management Upgrade Windows Phishing Managed IT Services Data Backup Outsourced IT Ransomware Windows 10 Office Data Recovery Server Save Money Cloud Computing Windows 10 Passwords Saving Money Holiday Social Media Gadgets Chrome Tech Term Virtualization Automation Managed IT Services Microsoft Office Managed Service Facebook Cybercrime Operating System Artificial Intelligence Computers BYOD Mobile Device Management Networking IT Support Health Internet of Things Hacking Wi-Fi Information Technology Remote Managed Service Provider Information Alert Covid-19 Spam Office 365 Telephone Systems Router Bandwidth Employer-Employee Relationship Recovery BDR Social Engineering Mobility Applications Application Law Enforcement Human Resources Big Data Remote Monitoring Password Money Mobile Computing App Encryption Data Breach History Training VPN Government Blockchain Paperless Office How To Private Cloud Remote Computing Managed IT Mobile Office Data Storage Patch Management Apps Office Tips Website Servers Google Drive Budget Gmail Settings Data Security Avoiding Downtime Two-factor Authentication Mouse HaaS Bring Your Own Device Data Management Infrastructure Voice over Internet Protocol Work/Life Balance Vulnerability Flexibility Marketing Windows 7 Word WiFi IT solutions Entertainment Wireless Safety Vendor Management The Internet of Things HIPAA Sports USB Lithium-ion battery Redundancy Keyboard Firewall Software as a Service Telephone System Virtual Reality Staff Vendor Apple Machine Learning Save Time Managed Services Connectivity Display Remote Work Social User Error Meetings Cleaning Employee/Employer Relationship Conferencing RMM Scam Risk Management End of Support Hacker Education Physical Security Data Protection Digital Signage DDoS Comparison Unsupported Software SharePoint PDF Charger CES Procurement Proactive IT IT Consultant Customer Service Compliance Net Neutrality Workplace Strategy OneNote Computer Care Business Technology Environment Best Practice Content Management Help Desk Humor Current Events YouTube Access Control Fax Server Printing Black Market Telephony Samsung Virtual Assistant Authentication SaaS Document Management Value Managed Services Provider Solid State Drive Wireless Technology Electronic Medical Records Downtime Database Spam Blocking How to Update Network Congestion eWaste Remote Workers Hiring/Firing Data storage Google Docs Automobile Processor Identity Theft Virus Computing Infrastructure Hard Drive Going Green Unified Threat Management Wearable Technology Retail Hard Drives Computer Accessories Business Intelligence Augmented Reality Instant Messaging Computing Excel Fraud Robot Audit Battery Worker IT Management Remote Worker Biometrics Shadow IT Legal Virtual Desktop Cryptocurrency Printer Botnet IT Plan Internet Exlporer Bluetooth Trend Micro Benefits Cache Science Amazon Web Services Dark mode Workers FENG SMS Safe Mode Default App Notifications Criminal Printer Server Procedure IBM GDPR Saving Time Hosted Computing Shopping Smart Technology Wireless Internet Google Search Online Shopping Flash Distributed Denial of Service dark theme Customer Relationship Management AI Relocation File Sharing Analyitcs IT Infrastructure Bing Specifications Software Tips FinTech Supercomputer Camera Programming Inventory Social Network Wire Evernote Sync Emails Video Games Worker Commute Investment Travel Millennials Experience Antivirus Employees Printers Employee/Employer Relationships Two Factor Authentication Smart Office Windows 8 ISP Wireless Charging Windows 365 Netflix Scalability Root Cause Analysis Business Owner IT service Video Conferencing ROI Shortcuts Workforce HBO Sales Knowledge Virtual Private Network Bitcoin Music NarrowBand Personal Tablet Cryptomining Consultant Cables Skype Point of Sale Search Data loss Domains Supply Chain Management iPhone Analytics Nanotechnology Telecommuting Outlook Monitoring Leadership Project Management Batteries Troubleshooting Maintenance Digitize Best Available Cortana Start Menu IaaS Windows 8.1 Screen Mirroring Loyalty Files Bloatware Windows Server 2008 R2 WIndows 7 Digital Signature Frequently Asked Questions Customer relationships Warranty Books Chromecast Windows 10s IT Assessment HVAC Tablets Manufacturing Google Apps Mobile Email Best Practices Cast Colocation Entrepreneur Uninterrupted Power Supply Analysis Emergency Devices Security Cameras Tip of the week Computer Tips webinar Administrator Managed IT Service Virtual CIO Public Cloud Shortcut OneDrive Employer Employee Relationship Monitor Enterprise Content Management Biometric Security Professional Services PowerPoint Windows Media Player Peripheral Assessment MSP Cost Management User Accountants Using Data Thought Leadership Credit Cards Windows Server 2008 Digital Security Cameras Microchip Social Networking Copiers Reputation Password Management 5G Streaming Media Password Manager Tools Multi-Factor Security Content Quick Tip Television Tech Support Managing Stress Laptop Twitter Smartwatch Running Cable Ergonomics Techology Search Engine Development Customers NIST Memory OLED Business Mangement Cameras Trending Audiobook PCI DSS Public Computer Virtual Machine Smart Tech Fiber Optics Transportation Touchpad Addiction Employee Amazon Regulations 2FA Computer Fan Messaging Rootkit Cabling Recycling Politics Policy Advertising Wiring Hypervisor Practices

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code