Connect with us

Hi, what are you looking for?

HEADLINES

Cybercriminals use smartphone calendars to distribute scam offers

Spam and phishing that exploit non-traditional attack vectors can be lucrative for criminals, as they can catch out experienced users who might not fall for a more common threat. This is particularly the case when it comes to trusted legitimate services, such as default email calendar features, and these are exploited through so-called “calendar phishing”.

Kaspersky experts have detected multiple cases of a sophisticated scam targeting users through fraudulent, unsolicited Google Calendar notifications and luring them into giving away their personal information. The attacks happened throughout May. This scam abuses a specific feature of a free online calendar service which adds invitations and events to users’ calendars automatically.

Spam and phishing that exploit non-traditional attack vectors can be lucrative for criminals, as they can catch out experienced users who might not fall for a more common threat. This is particularly the case when it comes to trusted legitimate services, such as default email calendar features, and these are exploited through so-called “calendar phishing”.

The detection of multiple, unsolicited pop-up calendar notifications during May turned out to be a result of a blast of sophisticated spam email  sent by scammers. The e-mails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations. The fraud occurs when the perpetrator sends an unsolicited calendar invitation carrying a link to a phishing URL. A pop-up notification of the invitation appears on the smartphone’s home screen and the recipient is encouraged to click on the link.

In most of the cases observed, the user was redirected to a website featuring a simple questionnaire with prize money on offer. To receive the prize, the user is asked for a “fixing” payment for which they need to enter their credit card details and add some personal information, such as  name, phone number and address. This data goes straight to the scammers who exploit it to steal money or identity information.

Advertisement. Scroll to continue reading.

“The “calendar scam” is a very effective scheme, as currently people have more or less got used to receiving spam messages from emails  or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it. So far, the sample we’ve seen contains text displaying  an obviously weird offer, but as It happens, every simple scheme becomes more elaborate and trickier with time. The good news is – one also doesn’t need any sophisticated precautions to avoid such scam – the feature that enables it can be easily turned off in the calendar settings,” says Maria Vergelis, security researcher at Kaspersky.

To avoid falling victim to malicious spam, Kaspersky researchers advise users to:

  • Turn off the automatic adding of invites to your calendar. To do so, open Google Calendar, click the settings Gear Icon, then click Event Settings. In the “automatically add invitations” option, click on the dropdown menu and select “No, only show invitations to which I’ve responded”. Below this tab, in the View Options section, make sure “Show declined events” is NOT checked, unless you specifically wish to view these.
  • If you are not sure whether a website you are redirected to is real and safe, never enter personal information.
  • Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement