Another day, another phishing scam. We keep trying to dodge them — in our email, on our phones and throughout social media. But scammers are using a new “bait” to try to reel us in.
Are you one of those people who live and die by your calendar? Phishers are now targeting one of our most innocuous but absolutely necessary daily apps to worm their way into our pockets. And phishing is such a successful enterprise — why wouldn’t they try the latest twist to hook us?
We have all heard about the various ways scammers go about phishing, using email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank or other accounts. Scammers launch thousands of phishing attacks like these every day; in the past year, 4,817 phishing scams were reported to Scam Tracker in the U.S.
And unfortunately, they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing schemes in one year.
Exposure to these types of tactics have become normal in our day to day life. Better Business Bureau (BBB) is constantly telling consumers if it looks “phishy” or you don’t know the sender, don’t open or click on the links. As always, this practices should be routine by now: Delete, delete, delete. Now, however, scammers have found a way into your online calendar.
BBB has learned of this new variation of an old scam, first reported by Wired, where phishers are spamming Google calendars with invitations to new events. They aim to take advantage of loose calendar settings to insert their own events into victims’ schedules. These new appointments or meetings are designed to blend in, seemingly innocently. And if your calendar settings are set to automatically accept events and turn on notifications, your calendar, in particular, will set you up to fail.
Once these events have successfully been added to your calendar, here come the notifications! Reminder popups are laced with phishing links. Those links lead to a malicious RSVP form or invitation with event details. They may also claim you’ve won a prize or invite you to take a survey. But they’re all after one thing: your information.
The scam is particularly effective because the calendar entries and notifications stem from trusted apps like Google Calendar.
Here’s how to protect yourself:
Change your settings: Go into your Google Calendar event settings and make sure to turn off automatically adding invitations. This will make it so you’re only showing the events you have responded to.
Stay aware: Before clicking on links in your calendar appointments, make sure it is an event that you have seen before. If the event looks unusual, delete it.
Train your brain: If you regularly make appointments with people you don’t know personally, make sure that you are aware of what phishing emails and links could look like. Secure links will start with https://. The “s” is what you are looking for.
Jeremy Johnson is the Eastern Idaho Marketplace Manager for the Better Business Bureau Northwest + Pacific. Contact the BBB at 208-342-4649 or email to firstname.lastname@example.org.