Warning about Hackers for Gmail & Calendar – Forbes

New Security Warning Issued For Google’s 1.5 Billion Gmail And Calendar Users:
Davey Winder,Contributor

Google’s Gmail email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a billion times from the Play Store. Security researchers have this week warned that threat actors are exploiting the popularity of both in order to target users with a credential-stealing attack.  Here’s what you need to know.

What does this attack involve?

Security researchers working at Kaspersky have revealed how threat actors are using the tight, and automatic, integration between different Google services in order to target users with malicious exploits.

In what the researchers refer to as a “sophisticated scam,” users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications. Anyone can schedule a meeting with you, that’s how the calendar application is designed to work. Gmail, which receives the notification of the invitation, is equally designed to tightly integrate with the calendaring functionality.

When a calendar invitation is sent to a user, a pop-up notification appears on their smartphone. The threat actors craft their invitations to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.

The researchers have noticed attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a “non-traditional attack vector,” the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.

Patricia Dent

One Comment

  1. One of the best ways to protect yourself is to be aware of the threat of hackers and identity thieves and take extra precautions.. However, in addition, the very best way to be protected is to have a Restoration and Monitoring service available to you where your information can be monitored for you including emails, social insurance numbers, cell phone numbers, bank accounts, credit cards, passport numbers, debit and credit cards, professional licenses, and any other number related to you and your spouse. I provide IDShield for only $12.95 per month for a couple and children up to age 18, which not only provides monitoring, but FULL restoration (up to a 5 million dollar guarantee) by fraud investigators to restore your identity back to pretheft condition.
    If I can be of assistance, please call Annemarie Hill 705-718-5434 annemariehill.com

Leave a Reply

Your email address will not be published.