Cyber security firms are warning of new threats involving Google applications, specifically Gmail and Calendar, as cybercriminals find ways to send fake invitations from seemingly legitimate email accounts.
Calendar Invites from Trusted Contacts
Check Point Software Technologies on Tuesday published a report about a new Google Calendar notification attack that cleverly bypasses email security protocols.
“Cyber criminals are modifying ‘sender’ headers,” Check Point researchers said, “making emails look as though they were sent via Google Calendar on behalf of a known and legitimate individual.”
The fraudulent mails, apparently sent from legitimate mail accounts, include either a direct link or a calendar file (.ics) with an embedded link to Google Forms or Google Drawings.
“Users are then asked to click on another link, which is often disguised as a fake reCAPTCHA or support button,” Check Point said.
After clicking on the link, the user is forwarded to a page that looks like a cryptocurrency mining page, or similar, where users are asked to complete an authentication process—thereby sharing their personal information—and to provide payment details.
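The attack chain described above has two observable traits a mail gateway or SOC script can check for: a "Sender" header that names a different mailbox than "From", and a text/calendar (.ics) part carrying embedded links. The following Python script is an added illustration of that detection logic; it is not Check Point's tooling or code from the article. The message it inspects is constructed inline, and every address and URL in it is a placeholder (the example.org / example-attacker.test domains and the EXAMPLE document ids are not real indicators). It unfolds iCalendar continuation lines before extracting URLs, since .ics files wrap long properties across lines.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample .ics body. Long iCalendar properties are "folded": a
# continuation line starts with a space, so the DESCRIPTION URL is split
# across two lines on purpose to exercise the unfolding step below.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:constructed-example-uid-1",
    "SUMMARY:Quarterly review",
    "DESCRIPTION:Confirm attendance here: https://docs.google.com/forms/d/e/EXA",
    " MPLE/viewform",
    "URL:https://docs.google.com/drawings/d/EXAMPLE/edit",
    "END:VEVENT",
    "END:VCALENDAR",
])

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Hosted-document links of the kind the article describes (Forms / Drawings).
HOSTED_FORM_RE = re.compile(r"https://docs\.google\.com/(forms|drawings)/")


def build_sample_message(sender="calendar-notification@example-attacker.test"):
    """Assemble a constructed invite e-mail (placeholder addresses only).

    When `sender` is None the Sender header is omitted, which models an
    ordinary invite whose envelope and From line agree.
    """
    msg = EmailMessage()
    msg["From"] = "Known Colleague <colleague@example.org>"
    if sender:
        msg["Sender"] = sender
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invitation: Quarterly review"
    msg.set_content("You have been invited to an event.")
    msg.add_attachment(SAMPLE_ICS, subtype="calendar", filename="invite.ics")
    return msg.as_bytes()


def sender_from_mismatch(msg):
    """True when a Sender header is present and names a different mailbox than From."""
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    sender_addr = parseaddr(str(msg.get("Sender", "")))[1].lower()
    return bool(sender_addr) and sender_addr != from_addr


def unfold_ics(text):
    """Join iCalendar continuation lines (CRLF or LF followed by space/tab)."""
    return re.sub(r"\r?\n[ \t]", "", text)


def extract_ics_links(ics_text):
    """Return every URL in the calendar body, in order, without duplicates."""
    found = []
    for url in URL_RE.findall(unfold_ics(ics_text)):
        url = url.rstrip("\\,;")  # drop iCalendar escape residue such as a trailing "\,"
        if url not in found:
            found.append(url)
    return found


def calendar_parts(msg):
    """Yield MIME parts that are text/calendar or carry an .ics filename."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/calendar" or name.endswith(".ics"):
            yield part


def analyze_invite(raw):
    """Parse a raw RFC 5322 message and report calendar-phishing indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    links = []
    for part in calendar_parts(msg):
        payload = part.get_payload(decode=True) or b""
        for url in extract_ics_links(payload.decode("utf-8", "replace")):
            if url not in links:
                links.append(url)
    mismatch = sender_from_mismatch(msg)
    return {
        "sender_from_mismatch": mismatch,
        "ics_links": links,
        "hosted_form_links": [u for u in links if HOSTED_FORM_RE.match(u)],
        # Flag for review when both traits from the article co-occur.
        "suspicious": mismatch and bool(links),
    }


if __name__ == "__main__":
    print(analyze_invite(build_sample_message()))
```

The "suspicious" flag is deliberately conservative: a Sender/From mismatch on its own is normal for mailing lists and delegated calendars, and a link inside an invite is normal too, so the script only raises the flag when both traits appear together and leaves the extracted links for an analyst to review.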
So far, 300 brands have been affected by this cyber fraud campaign, Check Point said, counting more than 4,000 of these phishing emails in a four-week period.
Check Point recommends that organizations invest in advanced email security solutions and implement strong authentication mechanisms. Individual users are advised to enable two-factor authentication, stay vigilant, and remain wary of fake event invites.
Reduce Calendar Scams
KnowBe4, a cyber-security awareness training company, also commented on another type of calendar scam.
“Attackers only need your Gmail address to send you an invite, and the event will be placed in your calendar by default,” KnowBe4 founding CEO Stu Sjouwerman said, adding that this kind of spam itself is nothing new.
“The scammers are simply using a previously obscure technique to place it in front of you.”
These attacks can be mitigated easily, Sjouwerman said: open the Google Calendar settings, open the event settings, and switch the “automatically add invitations” option to “only show invitations to which I have responded.”
The second step requires changing the Gmail “events” options by unchecking “automatically add events from Gmail to my calendar.”
Doing so will, however, impact functionality as all automatic invites will be disabled, including legitimate ones from family, friends, and work. It’s that old choice between usability and security; only you can decide which takes priority.
Users who do not disable automatic invites are encouraged to report any spam that shows up in their calendars. This helps software developers improve spam filtering algorithms and reduce the likelihood of similar invites in the future.