Ci spiace, ma questo articolo è disponibile soltanto in Inglese, Russo e Ucraino.
There are plenty of ways scammers can get your information. Today we will talk about online-learning phishing and how hackers use Google Calendar for their purposes.
Dangerous knowledge
The approach to learning has changed drastically in the last decade. Now you can get the necessary skills without leaving your apartment. Courses, online marathons, and webinars. There are so many opportunities for self-improvement that it`s a sin not to take advantage of them. Nowadays bloggers are exploiting the topic of self-improvement. They consider their duty to create online products and earn on their sale. Topics range from “how to make your butt grow” to “how to earn your first million”. They offer a FREE webinar or files with “priceless” information. All you need to do is to enter your email and wait for the response. In terms of sales – it’s a great approach, but what about cybersecurity.
A lot of people want to drop their data and get something for free, which attracts hackers. It is unlikely that bloggers are very concerned about cybersecurity. So hackers use this opportunity to get an email database and then send phishing emails.
Plan carefully
The modern person is obsessed with planning. Google Calendar has become our best friend, and therefore a potential vulnerability. Phishers realized that they could use the calendar settings to place their events with phishing links or files in their victims’ schedules. In many cases, this also triggers automatically notifications. As they come from a trusted application, it builds people’s confidence in the fake events.
How do they do this? The attack comes directly from scammers who send a wave of calendar events to multiple Google Calendar users. The hackers take advantage of a default setting, according to which the victim calendar automatically adds any event and sends a notification about it. Hackers write a couple of lines about the event, and offer to follow the link, read the details, or download a description file. Then they wait for you to follow a malicious link or open attachment.
Remember, if you have any doubts, don’t click.
