Email and phone phishing scams are commonplace in the modern age. Their goal is to trick you into providing personal information, such as bank account numbers or personally identifying data, that can be used to commit fraud or identify theft. But thanks to spam filters and call screening, many phishing scams now go ignored.
However, there’s a new form of phishing scam taking advantage of Google Calendar, a tool that over a billion Google users have access to every day. Scammers are now using Google Calendar meeting invites to bypass spam filters and deliver scams right to your inbox.
How Scammers are Getting by Spam Filters
Google’s suite of services includes Gmail, Google Calendar, Google Drive, Google Photos, and much more. All Google services are linked to each other, and so all 1.2 billion Google users have a build-in calendar to arrange appointments and meetings.
Typically, when scammers send malicious emails, Google is able to flag them as spam and send them to Gmail’s spam folder where they’ll never see the light of day. But Google tends to prioritize its own email notifications, such as those that are sent when someone tries to arrange a calendar meeting with you.
In short, scammers can bypass the spam filter and land in your inbox by sending you a calendar meeting invite.
What the Phishing Scams Contain
Google Calendar automatically gives anyone with your email address the ability to invite you to a meeting. When they do, you will receive meeting notifications in your inbox.
The meeting invite may contain some kind of incentive like a cash payment or free prize, along with a link. That link may then send you to a web form or landing page that will attempt to collect identifying information or even convince you to send a “transfer fee” before your phony award is released. Of course, there will be no award and the scammers will abscond with your personal data and/or funds.
While this may seem like an obvious ploy, the scammers are banking on the fact that people are used to receiving spam emails and phone calls but aren’t as aware of phony meetings that can contain the appearance of legitimacy.
How to Avoid Google Calendar Phishing Scams
First, you should use the same techniques you already use to gauge the legitimacy of emails or phone calls. Avoid opening any attachments or clicking links from sources you don’t trust and haven’t verified. Decline any unexpected meetings from people you don’t know, delete the meetings from your calendar, and delete the notifications from your inbox.
Second, you can stop Google from adding unsolicited invites to your calendar by turning off “automatically add invitations” in your Google Calendar settings. Also, deselect the “show declined events” box in the View Options menu. This will help keep spammers out of your Google Calendar. However, this action also will prevent legitimate meetings from automatically showing up, so you will have to accept invitations first.
Another New Phishing Scam
The Google calendar phishing scam is just one of numerous new scams using trusted platforms in an attempt to steal personal information.
Researchers recently discovered a new phishing scam that uses false two-factor authentication to take over Instagram accounts.