Gmail and Google Calendar users are at risk of phishing according to security researchers working at Kaspersky. The tech firm warned that scammers had found a loophole in the Gmail – Google Calendar integrated system to target even the most tech savvy people, by tricking you to click a link.
This is how the attackers go about the new phishing scam disclosed this week.
- The Google Calendar allows anyone to schedule a meeting with any Gmail user as long as they have your email address.
- The scammers schedule meetings and insert malicious links in the calendar invite.
- Once the meeting is scheduled, Gmail automatically receives it and notifies you of the invitation with the normal popup.
- Of course, you are not aware of any meeting with the said person, so as you read on you are tricked to click on the link sent as you seek more info.
- The malicious link redirects to a credential stealing website where you may find a questionnaire or a poll, with a monetary incentive if you participate.
- You will find yourself giving away your bank and credit card details without knowing
Next time that meeting invitation notification appears on your calendar, do not be too quick to follow it up especially when it contains a link for more details.