Hopefully like most people I know by now – you are keeping an eye out for suspicious emails, and making sure you don’t click on email links or opening attachments. The problem is that cyber attackers know that more people are a bit more cyber savvy these days, and as a result are using new alternate ways to convince you to open links – via your Google calendar!
So how does this work? The attack comes simply from scammers sending a wave of calendar invites to Google Calendar users. By default, Google calendar adds an event to a targets calendar automatically. I received a few the other day, with flight details, hotel bookings or anything else that catches your curioristy – and tries to make you click on the link within the calendar entry! Don’t fall for it!
The scam is particularly effective because the calendar entries and notifications seem more legitimate, as from a trusted app like Google Calendar. Don’t click and delete!
In addition to the usual phishing advice of not clicking on unexpected links or attachments, Google Calendar users can also protect themselves against unwanted invites through the app itself.
Open Google Calendar’s settings on a desktop browser and go to:
Event Settings > Automatically Add Invitations, and then select the option “No, only show invitations to which I’ve responded.”
Also, under View Options, make sure that “Show declined events” is unchecked, so malicious events don’t haunt you even after you decline them.
You have been warned!