The advancement of technology is amazing, but as technology becomes more advanced, so do the cyber security threats that follow. In a recent security report, it seems there has been a spate of phishing scams that abuse Google Calendar to bypass its spam filters. This means that the system that would have normally stopped these attempts is no longer as effective.
Bypassing spam filters
This is based on a report from Check Point, a company specializing in cyber threat intelligence, which has been monitoring the attacks. So far, the company found that these hackers have targeted 300 brands and have sent out over 4,000 emails over the course of four weeks.
The companies included in their hacks are educational institutions, healthcare services, banks, and more. What makes this particular phishing scam effective and dangerous is it manages to bypass the Google Calendar spam filters. These spam filters are designed to filter out emails from suspicious emails that might be scams or spam.
Similar to Gmail’s own spam filters, the Google Calendar spam filters work quite well. The fact that these hackers managed to bypass it is worrying. This is because the attackers use Google Calendar services to initiate these invites.
As a result, the spam filters don’t work because as far as the system is concerned, it is coming from a legitimate service. If you are the target of an invite you’re unfamiliar with, the best thing to do is ignore it. Especially if it contains a link that asks you to click on it.
Staying safe out there
A recent report has indicated that phishing attacks are on the rise. The report claims that it has seen an increase of 40% in phishing attacks in 2023. This is extremely worrying as phishing attacks are designed to steal information from users.
More traditional hacking attempts use brute force methods. Phishing, on the other hand, relies on cleverly disguised emails or websites to trick users into entering their credentials. This means that users might inadvertently hand over sensitive information. This includes login names, passwords, or credit card numbers.
One of the ways to ensure that you’re not a target of a phishing attack is to double-check the email address or website URL. For example, you might receive an email from someone claiming to be from Google. The email address, upon first glance, might look like it’s from Google with an “@google.com” address. Upon closer inspection, it could turn out to be “@gooogle.com” or something designed to look very similar to the unobservant eye.
This same method of double-checking can be applied to websites. Another way is to just go to the website directly, or search for it and click it directly from the search results.
