Link to the original article is at the bottom of this post.
Most people are used to seeing phishing scams pop up through emails, on the web, and in messages. However, scammers are still pretty clever in their methods to trick people. According to a new study, Google Calendar has recently been a target of abuse for phishing scams.
A study conducted by Kaspersky found that some scammers are using Google Calendar invitations as a method of delivering phishing scams to users. This is being done by taking advantage of Google Calendar’s ability to automatically pull events and invites over from your attached Gmail account.
Since Google Calendar is a trusted application, users are less likely to ignore these invitations and events, and often they’ll click on the link without much thought. In many cases of this “calendar phishing,” the embedded links redirected to a website that used a questionnaire that asked for credit card details and/or personal information to deliver prize money.
Kaspersky observed multiple, unsolicited pop-up calendar notifications appearing for Gmail users during May. This turned out to be a result of a blast of sophisticated spam emails sent by scammers. The emails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations.
The fraud occurs when the perpetrator sends an unsolicited calendar invitation carrying a link to a phishing URL. A pop-up notification of the invitation appears on the smartphone’s home screen, and the recipient is encouraged to click on the link.
Thankfully, it’s pretty easy to avoid such schemes from affecting your account. Google Calendar leaves automatic event creation on by default, but it can be turned off. From the desktop, head to Settings > Events from Gmail and uncheck the box for “Automatically add events from Gmail to my calendar.”
Notably, as ZDNet points out, Apple added a report function to its calendar app for this reason after seeing a similar problem back in 2016. It’s unclear how widespread or for how long scammers have been targeting Google’s service specifically.