I'm as tired as many of you are of hearing about all these online scams to steal our info. It never ends.
Most people who have email know not to click on links from people they don't know, even if the message appears to come from a government agency or a company with whom they do business. But the thieves have outdone themselves this time, using artificial intelligence to infiltrate something that, as of last year, 500 million people installed on their computers: Google Calendars.
"It's not very well known," Jay Rosenberg, from the Global Research and Analysis Team at cybersecurity firm Kaspersky (@Kaspersky on Twitter) told us. "Because it pops up in your calendar, it's more likely to trick users into clicking a link or falling into a phishing scam."
The researchers at his company were actually the ones who discovered the scam. Here's how it works: Just as friends or colleagues send you event or calendar invites, scammers can send invites in email blasts that show up automatically in your calendar and in your email.
"Someone will send you an invite," Paul Sems, a cybersecurity expert with TrustedSec (@TrustedSec on Twitter), said. "It might go to your spam folder, it might go somewhere else, but the problem is the notice still actually comes through."
And they get through, because Gmail and Outlook add these invitations without asking your permission. So, if you don't turn off certain settings, then anyone is able to give you a calendar invite.
One of the ways the invite shows up is as a pop-up notification with a link. When you click on it, you're redirected to a website offering prize money if you fill out a questionnaire. But, to get the money, you're asked to give personal and financial information, and you know what happens next.
"So, they're able to get around some of the spam filtering and are able to be right in your face and say 'hey, here's a notice. Click on this. Take this action,'" Sems explains. "And you're like, 'It's coming from Google, so it must be real,' and that's where the problem comes in."
And even though researchers at Kaspersky discovered this scam, you can bet there's another one coming, in what's become a cyber game of whack-a-mole.
"As things are getting more smart, they're actually getting more stupid, because they're often connected to the internet and it’s just another way for them to compromise someone," Rosenberg said.
Now the question is: How do I avoid this Google scam?
Attached are two videos which show you exactly how to change your settings. One is for Google Calendars, the other is for Outlook.
Here's some more advice to keep in mind from the Federal Trade Commission:
Phishing Advice (Includes infographic and where to report spam):
FTC Additional Info:
Report SPAM by forwarding to email@example.com
FTC Contact Info:
- FTC’s Consumer Response Center at 1-877-FTC-HELP (1-877-382-4357)
Four steps to protect yourself from phishing:
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
  - Something you have—like a passcode you get via text message or an authentication app.
  - Something you are—like a scan of your fingerprint, your retina, or your face.
  Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.