New threat to watch for: Google Calendar invites
New threat to watch for: Google Calendar invites
The Information Security Office is seeing an uptick in phishing attempts via Google Calendar. Threat actors will send an email invite for a virtual meeting with details about a recent “Bitcoin purchase” that you supposedly made—with instructions to contact the sender if the transaction doesn’t sound familiar to you. That’s the rub—they’re trying to get you to contact them.
The email invite is often removed automatically from your inbox by our robust email monitoring tools, but it may appear on your calendar anyway as the Google integration picks it up from your inbox. The ISO is working on options to help prevent these kinds of malicious events (stay tuned for more information about that), but you do have some options that you can act on now. For instance, to prevent these malicious invitations from being automatically added to your Google Calendar, follow these steps to :
- Click the “Settings” cog in the top right corner of the window
- Select “Event Settings”
- Under “Add invitations to my calendar,” select “Only if the sender is known” or “When I respond to the invitation in email”
This will turn off the automatic addition of the event to your calendar.
Stay safe out there!
