Scammers abuse Google Calendar feature to trick users into revealing their personal information

• The scammers are leveraging phishing attacks to target users in this scam.
• The emails contain a link that exploits a common default feature of Google Calendar to include automatic addition and notification of unwanted events & invitations.

Multiple cases of a sophisticated scam targeting consumers through unsolicited Google Calendar notifications has been observed recently. The main purpose of the scam is to trick users into sharing their personal information.

What is involved?

According to the researchers from Kaspersky, it has been found that the scammers are abusing a specific feature of a free online calendar service that adds invitations and events to users’ calendars’ automatically. This resulted in unsolicited pop-up calendar notifications appearing for Gmail users.

How does it operate?

The scammers are leveraging phishing attacks to target users in this scam. These phishing emails contain a link that exploits a common default feature of Google Calendar to include automatic addition and notification of unwanted events & invitations.

“Kaspersky observed multiple, unsolicited pop-up calendar notifications appearing for Gmail users during May. This turned out to be a result of a blast of sophisticated spam emails sent by scammers. The emails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations,” said the researchers.

The phishing email that appears to be an unsolicited calendar invitation for the recipient, carries a link to a phishing URL. This URL redirects the user to a website that features simple questionnaires and offers prize money upon completion. The questions are framed in such a way that users who are unaware of the scam can end up in providing their personal and financial information.

How to stay safe?

To avoid falling victim to such malicious spam, researchers have advised users to:

• Turn off the automatic adding of invitations on Google Calendar;
• Never share personal information on websites that are unsafe and look suspicious;
• Use a reliable security solution for comprehensive protection from a wide range of threats.