Google Calendar Attacks Target Unwitting iPhone and Android Users
Users of Gmail on iPhone and Android devices are being targeted by fraudulent, unsolicited, Google Calendar notifications.
This sophisticated cyber-attack takes advantage of a common default feature for people using Gmail on their device. Google Calendar invites automatically pop up on phones, prompting users to accept or decline the appointment.
Kaspersky researcher, Maria Vergelis, posted on Monday: “Cyber criminals send an unsolicited calendar invitation carrying a link to a phishing URL” … “A pop up notification of the invitation appears on the smartphone’s screen, and the recipient is encouraged to click on the link. The website where they are directed then tells victims to enter their credit-card details and add some persona information, which is send straight to the scammers.”
Kaspersky observed this campaign targeting victims throughout May. While it has phishing designs on victims, the attack vector can also be used for other types of malicious activities, like clicking on links to malware. “This attack vector can be used for any campaign, including the spread of malicious links… the ability to exploit legal services that are so popular and well known among users around the world – [the number of potential victims and exposure are notable]. Secondly, the idea of delivery of the illegal content, not only by emails but also as pop-up notifications on the smartphone screen [stands out here].”
With Ron Orland