Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them more meeting details.
Phishing is still the #1 threat action used in social engineering attacks, and spear phishing in particular, takes advantage of your users’ socially networked lives says KnowBe4. Users can now add Calendar invites to their list of risks.
Security awareness training helps organizations minimize their risk of viral infiltration by educating staff about the details of current hacker tactics. Calendar invites need to be added to current awareness training and reinforces the need for continual diligence on the part of an organization’s IT security team. Especially given the fact that automated security tactics like email filters have a 10% failure rate.