As part of National Cybersecurity Awareness Month, Campus Technology Services (CTS) is covering new cybersecurity threats that have emerged this year. Today’s topic is calendar phishing.
Mail calendar services such as Google Calendar are central to every Laker’s daily life. As is the case with other digital tools people rely on, malicious actors have targeted these calendar services as another avenue to deceive and defraud.
Calendar phishing is performed by leveraging services attached to your calendar, such as email, to create unwanted and malicious calendar events. Since calendar services are designed to auto-generate events based on emails with calendar invites, they can appear on calendars with little interaction from the user.
In an instance of calendar phishing, there will often be multiple calendar events generated that contain worrying messages with malicious links embedded in the event. These links often claim to be there to stop a negative event from happening, but are, in actuality, the method the malicious actors use to steal credentials or commit financial fraud.
To protect yourself from these attacks, follow these tips.
- If you see an unsolicited calendar event on your calendar, treat it with suspicion.
- Unsolicited events that mention cryptocurrency transactions should be treated as malicious; do not interact with them.
- Be wary of links in calendar events, especially if you don’t know why they are on your calendar. Hover over rather than click the links to see what the site is. If it is unfamiliar and unexpected, do not click on it.
- If you click a link on an event and you’re asked for account credentials, be especially wary: This is often a method used to break into accounts. Make sure it is a trusted site before entering anything.
- If you believe an event is a phish, you can report it as such via Google Calendar. To do this, click the event, click the three dots at the top right of the event, then click “report spam.”
If you believe you may have engaged with a calendar phishing event or would like to report an instance of calendar phishing, please forward the email invitation to the CTS Help Desk.
-- Submitted by Campus Technology Services