Kaspersky Lab, a leading cybersecurity expert, has raised the alarm on cybercriminals using Google Calendar to exploit users. Throughout May, malicious attackers were found sending deceptive links via Calendar notifications. The modus operandi? Exploiting the automatic addition of events and invites.
Once the users are baited with pop-up notifications, they’re often redirected to a webpage promising monetary rewards for filling out a survey. But there’s a catch – they’re asked to provide credit card and personal details. The endgame? No prizes for the users, only potential theft of money and identity.
Maria Vergelis, a security researcher at Kaspersky, emphasised the novelty of this scam. “While most people are attuned to identifying spam in emails or messages, the Calendar app – primarily for organising information – is new territory for scams.”
Although the current scam samples might seem transparent, they’re bound to get trickier. However, Maria assures that prevention is straightforward. The vulnerable feature can be turned off with a few tweaks in the Calendar settings.