We’ve all received a spam email telling us we’ve won millions of dollars or need to reset our online banking password. Although these are widespread, most messaging platforms and even browsers have learned to recognize them for our protection. Because of this, attackers are finding more sophisticated means to be more attractive: Besides using Google Docs to trick users, scammers have turned to Google Calendar and are relying on its automatic event creation setting to take advantage of people.
Scammers are exploiting’s Calendar default setting, which automatically adds invites to your agenda, even if you haven’t accepted them. Even worse, it’ll create an automatic reminder to notify you a few minutes before the fake event takes place. The appointment names usually mention you’ve won a reward or have received a money transfer to lure you in. The invitation would typically contain a link to collect sensitive data such as your credit card or bank account number. Since the notification comes from an app people tend to trust, they’d pay less attention to its authenticity, which is precisely what attackers want.
Interestingly, our very own Artem has been receiving these and…
https://www.androidpolice.com/2019/06/22/google-calendar-phising-scam/