Phishing scams now spread abusing Google Calendar

Global cyber-security firm Kaspersky Lab in its latest press release has said that scammers in their most recent method of offense are abusing default security configurations with the aid of certain digital calendar. These cyber criminals are distributing phishing web-links utilizing Google Calendar a means most unimaginable.

The attackers' method is relatively simple: a calendar invitation is forced which contains one web-link leading onto a phishing site that's dispatched onto the potential victim's G Suite/Gmail address. Normally Gmail in smart-phones, by default, includes events into a digital calendar followed with creating a popup containing the notification to the end-user. In case the end-user clicks the web-link, he lands on an associated phishing site alternatively malicious software gets downloaded straight away. Since the pop-ups look like emerging from a Google Calendar application that's widely trusted, end-users generally would respond, with the spam filters in Gmail bypassed. www.scmagazine.com posted this in a blog dated June 18, 2019.

The method also involves bogus surveys getting thrust to end-users even while missives such as "There's a money transfer in your name," or "You've received a cash reward" are included.

The majority phishing web-links led end-users onto a site asking for completing a questionnaire which had a prize-money attached. And upon completing the questionnaire, end-users must enter their payment card particulars as well as personal info including name, postal address along with phone number. All these details are asked for so the end-user may get the prize, so goes the phishing tactic.

As the scam greatly depends upon end-users pressing enter on popup notifications, it affects mostly users of Gmail on sophisticated mobile phones, popularly called smart-phones. Also, people having Google Calendar whose configurations are by default, dispatch as well as accept calendar invites free of cost, even from unknown individuals, while the invites then mechanically appear on the calendar.

Google stated it banned the proliferation of malware across its services, while the company strived towards prevention and proactive tackling of abuse. Additionally, it provided security safeguards for end-users through issuance of alerts about known malevolent domains through the Safe Browsing anti-spam filters in Google's Chrome web browser.

» SPAMfighter News - 6/21/2019