Beware the New Phishing Scam That's Attacking Your Google Calendar
No matter which corner of the internet you visit, you'll find scammers trying to take advantage of you. You may already know to be skeptical of emails, Facebook posts, and dating profiles that seem too good to be true. Now, WIRED reports that there's a new type of security threat that targets your Google Calendar.
Findings from the threat intelligence firm Kaspersky show there's been a recent wave of scam artists using hyperlink-embedded events to gain access to people's sensitive information. They start by spamming Google Calendar users with seemingly benign calendar invites. Anyone can accept the invitations, but the real targets are users with the default setting that automatically adds every event they're invited to to their Google Calendar. Once it's been added, Google sends notifications related to the event, making it seem more trustworthy.
If you open the invitation you might find a description like "You've received a cash reward," or a tease for a fake survey. The text always includes a hyperlink; clicking it takes you to a form that asks for personal information like your credit card number—a common theme in many phishing scams.
Being wary of what arrives in your email inbox has become common sense on the internet. But a phishing link that arrives in a Google Calendar invite is less expected, and after only receiving event invites from friends and coworkers for years, even savvy web users may be more likely to fall for it.
Fortunately, there are ways to protect yourself from the scam that don't involve deleting the app that keeps your life organized. In Google Calendar, go to Settings, click Event Settings, and then find Automatically Add Invitations. You want to make sure the option "No, only show invitations to which I've responded" is selected— that way suspicious events you've ignored won't show up in your calendar later. Also be sure to unselect "Show declined events" to do the same for invites you've declined.
No matter how smart your internet habits are, it's hard to keep track of all the phishing scams out there. Here are a few more scams to be aware of.
[h/t WIRED]