Last week, a new twist on traditional cyberattacks made the news. Gmail users were hit with fake Google Calendar notifications that, when accepted, led to an illicit website looking to steal personal information.
Security experts, who first identified the new method in May, consider this fresh attempt particularly good at tricking users into clicking on a dangerous URL. That’s because the default setting for Gmail users is to have new calendar invites automatically pop on up a smartphone’s home screen, prompting users to either accept or decline the invitation with just one touch.
That ill-fated click directs users to a fake website, which brazenly offers a “prize” in return for credit card details and other personal information. Savvy computer users may recognize the risk of sharing such information in response to a simple calendar invite. But all it takes is one click on one of these fake notifications to expose a user’s data and devices to other possible problems like malware and sophisticated phishing attempts.
Why is this such a big deal? Any cyberattack that tries to manipulate Google and its plethora of platforms could affect the tech behemoth’s two billion active users. Even a success rate as low as 0.01% could give a hacker access to the private information of more than 200,000 people.
In addition, the newfangled delivery method represents a fresh wrinkle in the cybersecurity landscape. “The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, security researcher at Kaspersky, which discovered the Google Calendar issue. “But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”
So what can you do to keep your information safe?
1) Always avoid interacting with anything that comes from an unknown contact.
Whether it’s an unsolicited text message, a suspicious email attachment, or one of these new Google Calendar scams, it’s smart to maintain a healthy sense of skepticism when faced with anything from an unknown sender. When in doubt, mark anything unwanted as junk or forward it to a trusted IT provider to assess the threat BEFORE you click, respond, or accept.
2) Turn off the Google Calendar feature that automatically adds invitations to your calendar.
This is the easiest way to avoid the fresh cyberattack outlined above (but if you need assistance doing it, make sure you enlist a trusted IT provider). From Google Calendar, navigate to the Gear Icon at the top. Then, select Event Settings and click on the drop-down option that reads, “No, only show invitations to which I’ve responded.”
3) Use caution with any free services.
Gmail, Google Calendar, and other applications like Google Drive and Google Sheets may work well for basic services. But any business should avoid free offerings like these because of the risk inherent in such consumer-focused services. Your company, your data, and your employees deserve enterprise-class solutions that provide proven security for email, data backup, file collaboration, and more.
4) Provide cybersecurity training to your employees.
Oftentimes, the first line of defense rests with the people who work for you. Uninformed users may fall for an “Enter your credit card information now!” website or that “Urgent CEO needs wire transfer!” email. But well-trained and savvy users will quickly recognize the red flags raised by such scams. That kind of awareness adds another layer of protection alongside anti-virus, anti-malware, network analysis, and security incident monitoring solutions.
This new Google Calendar exploit demonstrates that cyberattacks never slow down. That’s why CMIT Solutions is committed to helping our clients survive and thrive in today’s complicated IT world. We specialize in managed IT, data protection and backup, network security, and other cybersecurity services that defend your network, protect your data, and empower your staff to be more productive.
If you’re looking for a trusted business partner that worries about your IT so you don’t have to, contact us today.