Watch out! Scammers are now targeting you using Google Calendar

Watch out! Scammers are now targeting you using Google Calendar

Experts from international security firm Kaspersky have discovered calendar apps are being targeting in a new type of phishing scam.

A phishing scam is one that attempts to trick you into giving out your personal information, which includes your bank account numbers, passwords and credit card numbers.

The new scam exploits a default feature which gives the ability to add invitations and events automatically to calendar apps unless it is turned off manually.

Kaspersky security researcher Maria Vergelis said scammers hope the “calendar phishing” technique will catch unsuspecting victims off guard, according to Nine Finance.

“The ‘calendar scam’ is a very effective scheme as currently people have more or less gotten used to receiving spam messages from emails or messengers and do not immediately trust them,” she explained.

“This may not be the case when it comes to the Calendar app, which has a main purpose to organise information rather than transfer it.”

How the scam works

The scam sends a pop-up notification of an invitation to the victim’s smartphone and the recipient is encouraged to click on a link.

Once the user clicks on the link, it redirects you to a website that features a simple questionnaire with prize money on offer. In order to receive the prize, they are asked to enter personal information, such as credit card number, name, phone number and address.

This information goes straight to the scammers who exploit this information for money. 

How to disable automatic invites

“So far, the sample we’ve seen contains text displaying an obviously weird offer, but as It happens, every simple scheme becomes more elaborate and trickier with time,” Vergelis warned.

“The good news is one also doesn’t need any sophisticated precautions to avoid such scam - the feature that enables it can be easily turned off in the calendar settings.”

Disabling the “automatic invites” feature is easy enough.

  • Open Google Calendar
  • Click the settings Gear Icon
  • Click “Event Settings”
  • Click on the drop-down menu and select: “No, only show invitations to which I've responded”
Google are well aware of this scam, but stopping all spam is not an easy task.

“Combating spam is a never-ending battle, and while we've made great progress, sometimes spam gets through,” Google said in a statement.

“We remain deeply committed to protecting all of our users from spam: We scan content on Photos for spam and provide users the ability to report spam in Calendar, Forms, Google Drive, and Google Photos, as well as block spammers from contacting them on Hangouts.”