Scammers have now devised a new phishing campaign to scam users. As highlighted by some researchers, the scammers now trick users with fake Google Calendar alerts. The scam is actively going on in the wild. Therefore, users must stay vigilant to prevent such attacks being successful.
Phishing With Google Calendar Alerts
Researchers from Kaspersky Lab have caught an actively spreading phishing scam in the wild. They discovered how the attackers exploit Google Calendar alerts to continue with their phishing scam. They have detailed their findings in a blog post.
As discovered, the attackers specifically targeted Gmail users in May, barraging them with unsolicited Google Calendar notifications. The alerts reach the users’ inbox via spam emails. As stated in the blog post,
The emails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations.
In simple terms, the scammers send an unsolicited calendar invitation to the target users with a phishing link. Upon reaching the users, particularly, the smartphone users, a pop-up notification appears on the screen, compelling the user to click on the malicious link.
Once clicked, the link then redirects the user to a website featuring a questionnaire against prize money. Proceeding further with the questionnaire, the user is then supposed to enter payment card details and personal information to ‘fix payment’.
To receive the prize, the user was asked for a “fixing” payment, for which they need to enter their credit card details and add some personal information, including their name, phone number and address.
However, the actual prize goes to the scammers in the form of the users’ information, instead of the users receiving any prize money.
Why Is This Phishing Scam Alarming?
Phishing scams are nothing new when it comes to cyber attacks. Perhaps, most users have learned ways to detect phishing emails. Nonetheless, owing to ever-changing phishing tactics, such scams continue to achieve success in preying on more and more users.
According to Kaspersky’s researcher Maria Vergelis,
The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.
Though, until now, the researchers have noticed the attacks displaying ‘obviously weird’ texts to the victims, making them easy to identify. Nonetheless, one can witness more sophisticated messages with future attacks.
There is one simple way to avoid such scams altogether. According to Vergelis,
To avoid such a scam – the feature that enables it can be easily turned off in the calendar settings.
Precisely, disabling the ‘automatically add invitations’ from the app settings can protect users from falling a victim to such scams.