There is a relatively new scam doing the rounds at the moment and you may have already been a victim of it.
Scammers have found that you no longer need to fill a users inbox with potential phishing emails, but rather they can get you by inviting you to a Google Calendar event using your email address.
By default, Google adds any event you are invited to straight into your Calendar, even if you haven’t responded. So, if you’re unaware – like me – then you’ll get an alert on your device of said phishing event. The one that I received was a 5 day-long event with a bitly URL, stating that I had won an iPhone. It was even more daunting as I had received the notification on my watch, so instantly became worried.
After doing some research on this, there is a way that you can potentially stop this from happening, but it may interrupt your workflow if you use the calendar invite functionality regularly. That said, I would still give it a go.
• Go to Google Calendar on your computer
• Click the cog in the upper right, then hit settings
• On the list on the left, click “Event settings”
• Look for the “Automatically add invitations” option. Change this to “No, only show invitations to which I have responded”
Now, although this is a potential solid fix; there is no saying that scammers won’t find a work-around in the future. Although, if my path is to cross with this again in the future, I will surely follow this up with another post.
Thank you for reading my second security post. I hope to write more about these types of scams moving forward, alongside my normal writing.
If you have any questions about types of security or how you can keep safe online, feel free to leave a comment below or tweet me. If you want to keep it between us, then head over to the contact page.