Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Total Tech Care Blog Security
0 Comments
How Cybercriminals Can Add “Be Scammed” to Your Google Calendar

Users seem to have a bit of a blind spot when it comes to solutions put out by Google, particularly the risks associated with Gmail. It’s almost odd to say: a security threat leverages Gmail. Unfortunately, it isn’t unheard of, as a phishing scam has been leveraging Gmail and its cooperation with Google Calendar for some time now.

Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.

How Users Can Be Scammed

Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.

This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.

How the Scam Was Uncovered

As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.

The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.

Can This Scam Be Stopped?

Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.

The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.

To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”

With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Total Tech Care a call at 866-348-2602.

Tweet
Tags:
Security Email Phishing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 30 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Business Google Network Security Microsoft Internet Email Malware Workplace Tips Backup Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Business Continuity Communication IT Support Smartphones Miscellaneous Smartphone Mobile Device Network Browser Small Business Productivity Collaboration Cybersecurity Quick Tips Business Management Users Upgrade Managed IT Services Windows Phishing Outsourced IT Data Backup Ransomware Windows 10 Cloud Computing Office Data Recovery Server Save Money Passwords Windows 10 Saving Money Holiday Social Media Tech Term Chrome Virtualization Gadgets Automation Managed Service Microsoft Office Managed IT Services Artificial Intelligence Facebook Cybercrime Operating System Computers BYOD Wi-Fi Mobile Device Management Networking IT Support Health Hacking Internet of Things Information Technology Information Managed Service Provider Remote Spam Covid-19 Office 365 Alert Telephone Systems Bandwidth Employer-Employee Relationship Recovery Social Engineering Mobility Router BDR App Application History Password Money Encryption Data Breach Human Resources Applications Big Data Remote Monitoring Law Enforcement Mobile Computing Office Tips Training Blockchain Paperless Office Data Storage Apps Patch Management VPN Remote Computing Government Mobile Office Private Cloud How To Managed IT Bring Your Own Device Data Management Wireless Work/Life Balance Gmail Vulnerability Windows 7 Word Settings Infrastructure Google Drive Servers Two-factor Authentication Voice over Internet Protocol Mouse HaaS Avoiding Downtime Data Security Flexibility Marketing WiFi IT solutions Entertainment Website Budget USB Cleaning The Internet of Things Lithium-ion battery Staff Conferencing Software as a Service Telephone System Machine Learning End of Support Scam Connectivity Remote Work Physical Security Education Firewall Safety HIPAA Sports Virtual Reality Vendor Management Redundancy Apple Keyboard Social Vendor Managed Services User Error Display Data Protection Meetings Save Time Employee/Employer Relationship Risk Management RMM Hacker Computing Access Control Hiring/Firing Computing Infrastructure DDoS Virtual Assistant IT Consultant Authentication Going Green SharePoint Digital Signage Humor Business Intelligence Battery Customer Service Update Shadow IT Audit Environment Legal Worker IT Management Procurement Fax Server Google Docs Internet Exlporer Workplace Strategy Botnet Net Neutrality Identity Theft IT Plan Help Desk PDF SaaS Printing Unsupported Software Augmented Reality Proactive IT Network Congestion Fraud Charger Virus Best Practice eWaste Managed Services Provider Remote Worker Compliance YouTube Black Market Database OneNote Computer Care Unified Threat Management Current Events Computer Accessories Cryptocurrency Remote Workers Telephony Samsung Document Management Wearable Technology Processor Retail Hard Drives Solid State Drive Comparison Wireless Technology Downtime Instant Messaging How to Value Robot CES Printer Excel Hard Drive Bluetooth Spam Blocking Electronic Medical Records Data storage Biometrics Virtual Desktop Automobile Content Management Business Technology Ergonomics Printers Mobile Smartwatch Windows 10s Millennials Monitor Development Smart Office OLED Cast Wireless Charging Virtual Machine Tip of the week webinar Science Emergency PCI DSS 2FA Virtual Private Network Fiber Optics Professional Services Employee Public Cloud Workforce Employer Employee Relationship Assessment Reputation Streaming Media Messaging Cabling Cables Hypervisor Windows Server 2008 Customer Relationship Management Content Tech Support Policy Distributed Denial of Service Dark mode Project Management Trend Micro Tools Nanotechnology Analyitcs Techology Telecommuting Laptop Television Customers SMS Default App Programming Cortana Saving Time Audiobook Digital Signature Procedure dark theme Warranty Shopping Google Search Touchpad Public Computer AI Antivirus HVAC IT Infrastructure Consultant Google Apps Regulations Politics Analysis Bing Analytics Windows 8 Advertising Transportation FinTech Administrator Social Network IT service Devices Computer Fan Rootkit Notifications Enterprise Content Management Investment Best Available MSP Employee/Employer Relationships WIndows 7 Accountants Workers Tablet Benefits Employees Windows 365 Microchip Domains Thought Leadership ISP FENG Credit Cards Password Manager IBM Relocation Video Conferencing Password Management ROI Bitcoin Flash Maintenance Shortcuts Multi-Factor Security Smart Technology Sales IaaS Point of Sale Search Engine Personal Twitter Cryptomining Bloatware Video Games Worker Commute Business Mangement Supercomputer Supply Chain Management NIST Software Tips Batteries Sync User Experience Smart Tech Emails PowerPoint Tablets Trending Windows Media Player Monitoring Windows 8.1 Digitize Addiction Entrepreneur Scalability Amazon Business Owner Recycling Windows Server 2008 R2 Wiring Managing Stress Shortcut Practices Netflix Two Factor Authentication NarrowBand Customer relationships Email Best Practices IT Assessment Cache Manufacturing Root Cause Analysis Cost Management Search Amazon Web Services Social Networking Criminal Knowledge Cameras iPhone Music Safe Mode HBO GDPR Managed IT Service Skype Hosted Computing Security Cameras Computer Tips Virtual CIO OneDrive Wireless Internet Biometric Security Data loss Online Shopping Outlook Leadership Files Troubleshooting Peripheral Running Cable File Sharing Digital Security Cameras Camera Using Data Start Menu Inventory Memory Specifications Chromecast Loyalty Copiers Wire 5G Screen Mirroring Evernote Frequently Asked Questions Printer Server Colocation Travel Books Uninterrupted Power Supply Quick Tip

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code