Are you one of those people who live and die by your calendar? Phishers are now targeting one of our most innocuous but absolutely necessary daily apps to worm their way into our pockets. And phishing is such a successful enterprise, why wouldn’t they try the latest twist to hook us — finding a way into your online calendar?
Better Business Bureau has learned of this new variation of an old scam, first reported by Wired, where phishers are spamming Google calendars with invitations to new events. They aim to take advantage of loose calendar settings to insert their own events into victims’ schedules. These new appointments or meetings are designed to innocently blend in. And if your calendar settings are set to automatically accept events and turn on notifications, your calendar may set you up to fail.
Once these events have successfully been added to your calendar, the notifications come. Reminder pop-ups are laced with phishing links. Those links lead to a malicious RSVP form or invitation with event details. They may also claim you’ve won a prize or invite you to take a survey. But they’re all after one thing — your information. The scam is particularly effective because the calendar entries and notifications stem from trusted apps like Google Calendar.
Here’s how to protect yourself:
- Change your settings — Go into your Google Calendar event settings and make sure to turn off automatically adding invitations. This will make it so you’re only showing the events you have responded to.
- Stay aware — Before clicking on links in your calendar appointments, make sure it is an event that you have seen before. If the event looks unusual, delete it.
- Train your brain — If you regularly make appointments with people you don’t personally know, make sure you’re aware of what phishing emails and links look like. Secure links will start with https://. The “s” is what you’re looking for.