If you see an unfamiliar notification on your Google Calendar, don’t be too quick to click on the link.
You could fall victim to a new form of phishing attack, warns cybersecurity expert Kaspersky Lab.
Cybercriminals are reportedly luring unsuspecting Google users to click on links sent to them via the Calendar feature, exposing them to a variety of cyber threats. Kaspersky notes that it observed attacks targeting victims throughout May.
The criminals reportedly abuse a specific feature of the calendar that adds events and invitations automatically.
Users supposedly received pop-up Calendar notifications, and the report shows that in some cases, the victims are redirected to a website that offers money in exchange for the users to complete an online questionnaire. In order to receive the prize, the victims are asked to enter their credit card and other personal details.
However, not only do these victims not receive the prize money, their details are possibly sent to scammers who could steal the victims’ money or identity, says the report.
“The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, security researcher at Kaspersky in a statement.
“But this may not be the case when it comes to the Calendar app, which has a main purpose to organise information rather than transfer it.
"So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time. The good news is that it’s fairly easy to avoid such a scam,” she said.
Vergelis added that the feature that enables it can be easily turned off in the Calendar settings.
To do so, open Google Calendar, head to Settings and choose Event Settings. Select "No" for the “automatically add invitations” option and select “No, only show invitations to which I’ve responded”.
Also make sure that the “Show declined events” under the View Options section is not selected.
Google Calendar was down for a few hours globally yesterday with no explanation from the company as to the cause or reason.