Author

Topic: New phishing attack using Google Calendar (Read 348 times)

legendary
Activity: 2212
Merit: 7064
July 29, 2019, 02:41:07 PM
#23
Try Tutanova email.
Super great email client, privacy oriented, and they have great Calendar that in encrypted Wink

Quote



jr. member
Activity: 312
Merit: 1
Wow that is really scary, I am surprised this isn't more known in the space. Luckily I haven't come across this year. Did you receive an email first and then it took you directly to the calendar invite?
hero member
Activity: 2814
Merit: 618
Leading Crypto Sports Betting & Casino Platform
OMG Shocked how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home

Same here. I also do not use google calendar as i use the built in calendar in my iphone. But this is a brand new way of scamming people. Previously people used to scam people by emails but that has become too predictable and many people already aware of it.
legendary
Activity: 2268
Merit: 18748
Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on.
Using the settings Google provides to tell Google products to stop collecting data on you almost certainly does nothing except stop you from seeing the data being collected on your devices or on your Google account. I fully expect they still collect and store all that data. There are lawsuits against Google for tracking users' locations even when they turn off location history, so I doubt turning off search history actually stops them from recording your search history; you just won't see it anymore. It's just like on Windows 10 when you turn all the privacy settings up to max and disable all its telemetry, yet you can see it still calls home to Microsoft owned IPs thousands of times an hour.

The only way to actual maintain your privacy from these companies is to not use them at all.
hero member
Activity: 2366
Merit: 838
Bear in mind Google will share this information with any third party as they see fit.
It means Google acts nearly the same way the Facebook did. There is no doubt about that, and users have to accept risks of using Google, and some applications in Google ecosystem. Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on. Someone might think it will help them to have convenience when switching between their workplace and at home, but I simply se risks. Sychnrosie search history on some computers with same account sounds interesting, but for what? It is not an essential thing to use that feature, so I ignore it.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
I decided to dig deeper into the subject and here is a great article I found:
Tricky scam plants phishing links in your Google calendar
Also:
Google Calendar scam adds malicious links to your schedule
hero member
Activity: 2366
Merit: 838
Be safe: never click on suspicious links
               never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)

It is sure that being careful before clicking on links is key to protect your devices and your accounts. Using throw-away emails is good approach for bounties, airdrops, and should do, but bounty hunters can do use their real emails. Just avoiding to use their main accounts, that used for their bank accounts, their main exchanges' accounts for such un-important things like bounties and airdrops.
Above all, they will be safe if they carefull with strange emails and links sent to their inboxes (whatever emails they use)
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
What a smart way to trick someone to click phishing link, and some people will actually believe that this is something legitimate, because it comes through official Google app. I never use that app, and I do not see it in my new smarthphone (Huawei), so I check on Google Play and there is available for download.

Google is actually involved in everything, and there is no doubt that it can help you in many things, but since all that is free for users, they need to in some ways to make a profit on that. They use all that data about users and make huge profits, but it is same with Facebook, Twitter or any similar service. If you use Windows OS as most people do, you are also under constant surveillance.

Privacy is a very demanding and expensive privilege today, and if you use anything to hide your track, you become even more suspicious in the eyes of those who want to control everything.



khaled0111, you probably know, but mobile phone is not good way to keep such sensitive data. I hope you can find a better solution in the future.
legendary
Activity: 2268
Merit: 18748
If you have a Google account, you can visit https://maps.google.com/locationhistory to see just how much it tracks your movements. I had a friend show me his: it literally is down to the minute. It tracks how you travel between locations, and pairs up your location with what is at each location (home, work, bar, shop, etc.) and how long you spend there. It really does have complete profile of everything you do.

You can also visit https://takeout.google.com/ to download everything that you are allowed to see that Google holds on you. Everything from location history as above, to all your web searches, calendar entries, payment history, voice recordings, home information, even your heart rate and sleep schedules. Then there is of course all the data you don't see. If you use Chrome, or leave your Google account logged in while browsing, then they also have a complete record of everything you have ever done online.

Bear in mind Google will share this information with any third party as they see fit.
full member
Activity: 476
Merit: 101
This is scary, though, I haven't encountered or experience it yet, upon browsing the net, there are more than 600k result about the phishing attack using google calendar.

Sometimes, we get excited when receiving invitations and haven't thought twice before clicking the link. This very tricky idea to take advantage on the others.
legendary
Activity: 2170
Merit: 1789
I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.

They no longer do it in secret. They openly do it and you should've realized by now. Most people are fine with it as it "helps their life", but who knows what will happen if they decide to use your data to 'hunt you down'.

legendary
Activity: 2758
Merit: 6830
I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight?

For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-google
Exactly. I had a booked fly last year and Google automatically organized everything for me in many of his products. Talk about convenience, huh? But at what cost? That was what made me finally move to a privacy-oriented email provider.

They basically scrape your email and add a card on top of it with every information about the fly. So they basically have access to all of it.

I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.
They do. It's not that big of a surprise.
member
Activity: 153
Merit: 23
I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.
legendary
Activity: 2268
Merit: 18748
I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar.

It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you.
I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight?

And now it seems that using Google products is also a security risk for your crypto, not just a privacy risk. For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-google
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
Damn, these bastards are really smart and always find new ways how to scam people. I have Google calendar on my phone, I can't say that I'm using it very actively, but so far I haven't faced such phishing links on it. First of all, it's interesting how this event appeared on your calendar if you didn't added it. Maybe it's possible that you given access to your Google Calendar for one app on your phone?
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links.
Now that you are aware of their trick, you should start backing it up on a piece of paper or somewhere which has no connection to the internet. I'm also using this calendar, is this the red icon calendar that's already installed to each android phones?

Though I use it but I don't keep important data like my private keys, I don't store it on my phone. OP you need to act quickly though nothing happened for now but it's better to be safe and don't be confident storing your sensitive data there.

legendary
Activity: 3122
Merit: 1398
For support ➡️ help.bc.game
Google Calendar is a pre-installed app on some of the Android phones today.

I don't use this since it's not necessary. I even removed these to GAPPS flash zip back then when installing GAPPS is manual (older android version).Stock Calendar app is enough. Better disabled that along with other GAPPS that not primarily or regularly used (Settings>App>).

Quote
Scammers are adding fake events or inviting you to different events so that you open them and click on a link that could give them access to your data.

In other words, sort of tricking someone to click their link.

Like the usual way of phishing, we need to use our common sense to deal on this. Thanks for bringing the news here OP.
legendary
Activity: 2758
Merit: 6830
How can someone add events to your calendar without access to your google account or the email associated with it?
I dont understand how this attack can be carried out just by knowing someones email address.  
I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar.

It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you.
member
Activity: 686
Merit: 45
How can someone add events to your calendar without access to your google account or the email associated with it?
I dont understand how this attack can be carried out just by knowing someones email address. 
full member
Activity: 756
Merit: 231
OMG Shocked how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home
Come-on mate nothing like Google calendar because it reminds you of many stuff that are worth keeping, even dateofbirth among others. The important information from this thread is: never click anything that's not clear for you no matter whose platform's the ads shows. I got series of these notifications but always careful for what I click, also, Brave browser can be of a help to block those unwanted ads show from your phones or desktops and prevent you from phishing links.
member
Activity: 166
Merit: 12
OMG Shocked how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home
legendary
Activity: 3542
Merit: 1352
Cashback 15%
I also got that notification from my phone's Google Calendar, and I have since deleted all of the reminders without clicking any of it in the link. This has affected all of my future appointments and alarms on the calendar but I do have some of the most vital apps installed here on my Android. I just hope that this gets forwarded immediately to Google for it to get rid off immediately. Good thing that I haven't installed my banking apps and other important things on this phone, else I might get screwed.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
It seems like hackers/scammers found a new way to send phishing links to their victims.
They are not using emails anymore. Now, they are using a new a strategy which is less suspicious through Google Calendar.

I was browsing this forum when I received a notification about an event.
Here is how it looked like:


Translation:
Quote
GREAT OPPORTUNITY TO SOLVE FINANCIAL PROBLEMS! Get your massive cash boost today
Please do not visit the link in the image.

It is scheduled to show the notification each day at the same time:


I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links.

Be safe: never click on suspicious links
               never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)
Jump to: