Kapersky Researchers Warn Google Calendar Users Against New Phishing Attacks

Kapersky Researchers Warn Google Calendar Users Against New Phishing Attacks

Kapersky security researchers have identified a new phishing attack that takes place in Google Calendar. Threat actors send a Google Calendar invitation to a user that contains a malicious link hosting a phishing URL.

Security researchers at Kapersky recently warned Google Calendar users that they may be targeted with a credential-stealing attack by threat actors.

When performing this attack, the threat actors will send a calendar invitation to a user. Unfortunately, that calendar invitation hosts a malicious link to a phishing URL. If the user clicks on the link, the website reached will ask victims to enter their credit card details and add some personal information. The website says that upon completion, the user will win prize money, but instead, the information is delivered to a scammer.

Maria Vergelis, a security researcher at Kaspersky said that the “calendar scam” has the potential to be effective and dangerous, given the fact users are used to receiving phishing attacks through email or messaging apps, not their calendar app. She also said that at the current moment though, the scam would need to become more elaborate to be overly convincing.

“But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it,” Vergelis said. “So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time.”

Luckily, the app feature that allows scammers to attempt this form of phishing can be easily disabled.

Kapersky researchers advise to “Turn off the automatic adding of invitations to your calendar. To do so, open Google Calendar, click the settings Gear Icon, then on Event Settings. For the ‘automatically add invitations’ option, click on the dropdown menu and select ‘No, only show invitations to which I’ve responded’. Below this, in the View Options section, make sure ‘Show declined events’ is NOT checked, unless you specifically wish to view these.”

Although the scam is not highly developed yet, it still poses a serious risk to those who could fall victim to the attack. In addition, the attack has room to grow into a much more convincible and less obvious threat.

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

  • The Z-Wave Alliance Focuses on the Residential Market The Z-Wave Alliance Focuses on the Residential Market

    Mitchell Klein serves as the executive director of the Z-Wave Alliance, an industry organization that drives numerous initiatives to expand and accelerate the global adoption of smart home and smart cities applications. In this Podcast, we talk about the 2022 State of the Ecosystem, and the fact that technology has brought about almost unimaginable residential security resources. The Alliance also provides education resources as well as looking at expanding technology.

Digital Edition

  • Security Today Magazine - May June 2022

    May / June 2022


    • The Ying and Yang of Security
    • Installing Smart Systems
    • Leveraging Surveillance
    • Using Mobile Data
    • RIP Covid-19

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety