By Oliver Samson
Scammers are said to be sending phishing links to unsuspecting Google calendar users. | IMAGE FROM KASPERSKY LAB
Security researchers at a global cyber security firm have detected a number of abuses of the Google Calendar service aimed at stealing users’ personal information.
The scammers have made a blast of sophisticated spam e-mails to execute their design, Kaspersky Lab said in a statement on Monday.
“The e-mails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations,” the cybersecurity firm said.
Fraud takes place when the actor dispatches “an unsolicited calendar invitation” bearing a link to a phishing URL, Kaspersky Lab explained.
The users were usually “redirected to a website featuring a simple questionnaire with prize money on offer,” the cybersecurity noted.
The users are asked for a “fixing” payment that requires credit card details and personal information like name, contact number, and address, Kaspersky Lab added.
The data are then stolen by the actors who may use them to steal money or identity information, the cybersecurity firm explained.
“The ‘calendar scam’ is a very effective scheme, as currently people have more or less got used to receiving spam messages from emails or messengers and do not immediately trust them,” said Maria Vergelis, a security researcher at Kaspersky Lab.
The situation could be different when the calendar app, designed to organize data and not transfer of information, was in question, she noted.
“So far, the sample we’ve seen contains text displaying an obviously weird offer, but as it happens, every simple scheme becomes more elaborate and trickier with time,” Vergelis said. “The good news is – one also doesn’t need any sophisticated precautions to avoid such scam – the feature that enables it can be easily turned off in the calendar settings.”