©2016 BY TIC BUSINESS CONSULTANTS

(617) 884-1086

PO Box 3279, 360 N. Main St.,  Andover, MA 01810 

  • facebook

New Security Warning Issued For Gmail And Calendar Users

June 12, 2019

 

Don't click on unsolicited calendar invites.

Users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications. Anyone can schedule a meeting with you, that's how the calendar application is designed to work. Gmail, which receives the notification of the invitation, is equally designed to tightly integrate with the calendaring functionality.


When a calendar invitation is sent to a user, a pop-up notification appears on their smartphone. The threat actors craft their invitations to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.


The researchers have noticed attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a "non-traditional attack vector," the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.
 

Please reload

Recent Posts

Please reload

Archive

Please reload

Tags

I'm busy working on my blog posts. Watch this space!

Please reload