Scammers are abusing Google Calendar to run phishing attacks that trick users into giving away sensitive information such as passwords, card details, and other financial data. The threat intelligence and cybersecurity firm Kaspersky stated that it detected many unsolicited pop-up calendar notifications sent to Gmail users by cybercriminals as a sophisticated spam email attack.
“Spam and phishing threats that exploit non-traditional attack vectors can be lucrative for criminals, as they can often successfully trick users who might not fall for a more obvious attack. This is particularly true when it comes to trusted legitimate services, such as email calendar features, which can be exploited through so-called ‘calendar phishing,’” Kaspersky explained.
According to Kaspersky, the calendar phishing emails exploit the feature that automatically adds calendar invitations and sends notifications for them to people using Gmail on their mobiles.
The scam begins when an attacker sends an unsolicited calendar invitation carrying a link to a phishing URL and encourages the recipient to click on the link. The user is then redirected to a fake website that appears to be genuine, features a simple questionnaire, and offers a prize after completion. The victim is asked to fill in personal details such as name, phone number, address, and bank details, which the attacker uses to steal the victim’s money or identity.
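A defender can triage the kind of invitation described above before it reaches a calendar. The following Python sketch is an added example, not code from Kaspersky or from this article: it parses an iCalendar invitation and flags it when the organizer is unknown and the event text carries a link. The sample invitation, its addresses and URL, and the `known_senders` allowlist are constructed assumptions.

```python
import re

# Constructed sample invitation (not a real message); all names and the URL are placeholders.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Prize Desk:mailto:promo@unknown-sender.example\r\n"
    "ATTENDEE:mailto:alice@corp.example\r\n"
    "SUMMARY:You have won a prize\r\n"
    "DESCRIPTION:Complete the short survey to claim it: https://survey.exa\r\n"
    " mple/claim?id=1\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

# name, optional parameters (quoted values may contain ':'), then the value
LINE_RE = re.compile(r'^([\w-]+)((?:;(?:"[^"]*"|[^":])*)?):(.*)$')
URL_RE = re.compile(r"https?://[^\s\"<>]+", re.I)
TEXT_FIELDS = ("SUMMARY", "DESCRIPTION", "LOCATION", "URL")


def unfold(ics):
    """RFC 5545 folding: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics)


def parse_properties(ics):
    """Return {PROPERTY: [values]} for every content line in the invitation."""
    props = {}
    for line in unfold(ics).splitlines():
        m = LINE_RE.match(line)
        if m:
            props.setdefault(m.group(1).upper(), []).append(m.group(3))
    return props


def triage(ics, known_senders):
    """Flag an invitation whose organizer is unknown AND whose text carries a link."""
    props = parse_properties(ics)
    organizer = re.sub(r"^mailto:", "", (props.get("ORGANIZER") or [""])[0], flags=re.I).lower()
    text = " ".join(v for f in TEXT_FIELDS for v in props.get(f, []))
    # Undo iCalendar TEXT escaping (\n, \, \; \\) in one pass before looking for links.
    text = re.sub(r"\\(.)", lambda m: " " if m.group(1) in "nN" else m.group(1), text)
    urls = URL_RE.findall(text)
    unknown = organizer not in known_senders
    return {"organizer": organizer, "urls": urls, "suspicious": unknown and bool(urls)}


if __name__ == "__main__":
    # known_senders is a hypothetical allowlist of lowercase addresses, e.g. the user's contacts.
    print(triage(SAMPLE_ICS, {"bob@corp.example"}))
```

Unfolding before searching matters: in the sample the link is split across two physical lines, so a scan of the raw text would miss or truncate it.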
“The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, a security researcher at Kaspersky. “But this may not be the case when it comes to the Calendar app, which has the main purpose to organize information rather than transfer it. So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time.”
The security firm also suggested that users turn off the ‘automatically add invitations’ option in Google Calendar to avoid calendar scams.
According to research by Menlo Labs, a company that provides cybersecurity solutions, employees at financial services firms in the United States and the United Kingdom are being targeted by a malicious email campaign.
The researchers revealed that cybercriminals are storing malicious payloads on storage.googleapis.com, the domain of the Google Cloud Storage service. The email campaign might have been active in the United States and the United Kingdom since August 2018. The victims received emails containing malicious links to archive files, which appear to be genuine and related to Google’s cloud storage service. The research report stated that the attackers used two types of payloads to compromise PCs and endpoints by duping employees into clicking on malicious links.