Phishers cast wide net with spoofed Google Calendar invites

Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers. The crims modify sender email headers so the messages appear to be legitimate Google Calendar …

  1. Sleep deprived

    Call me old school, but

    I never accept calendar invites. I prefer to write my calendar events myself. Less clutter and written to my taste. Now, I learn it's not a bad habit, but a good security practice. Like not using a Google login for a non-Google website.

  2. Anonymous Coward

    Crypto

    Scams all the way down.

    1. Wang Cores

      Re: Crypto

      I love crypto. I've turned from my junk tv watching to watching greedy morons get run over by more sophisticated scammers.

  3. Pascal Monett Silver badge
    Windows

    Think before you click

    There is an astounding amount of adults who just blindly trust anything they see on their smartphones (because that is where the action is now).

    Just last week one of my wife's friends complained about her phone having been hacked. Turns out my wife had sent her a URL to a shop store following one of their (lengthy) discussions, and instead of using the link my wife sent her, she went to FaceBook instead, and obviously she clicked on some scammer link and now her phone is in tatters.

    She's a retired schoolteacher. You'd think that she'd have enough brains to use the link her friend sent her.

    I guess not.

    1. Guy de Loimbard Bronze badge

      Re: Think before you click

      100%!

      The "smart" phone has become the next weak link in the chain.

      There's far too much trust put on that device being the source of truth and the only way to do things.

      As an example, my kids blindly click the first link in any search result without thinking or acknowledging the fact it will more than likely be a sponsored link/advert, which may or may not be what you want.

      That's become a lot harder to do at home as I have PiHole operating. :)

      We seem to be dumbing down the population with access to way too much information, without giving them the tools to think and research what they are trying to do.

      Great for advert slingers, possibly advertisers as well, not so much for the end user!

      1. 42656e4d203239 Silver badge

        Re: Think before you click

        >>That's become a lot harder to do at home as I have PiHole operating. :)

        Pi-Hole is great however I have to bypass it for SWMBO because scrolling down to non-sponsored links is too hard... sometimes I wonder about the prospects for humanity when an otherwise quite intelligent person insists on shittifying their phone/digital life for no reason other than "The link is broken... I am fed up of trying to find the right one". Bypass is required for the TV as well.... because the "Smart" apps for various channels don't work otherwise.

        Sigh. One day she may see the light.

        1. Mike007 Silver badge

          Re: Think before you click

          An ad blocker would remove the adverts instead of just breaking links and hoping that means some ads won't load properly. It also doesn't break other things that aren't browsers.

          (Of course if the intention is to use it with a TV then sure... But why is your laptop also going through it when it has the ability to run a proper ad blocker?)

      2. Alumoi Silver badge

        Re: Think before you click

        The smarter the phone, the dumber the user. Just wait until A(rtificial)I(diot) takes over.

  4. Mike007 Silver badge

    > Hover over links and then type the URL into Google rather than just clicking on it.

    The link is irrelevant, and in many companies will be a huge URL full of "random" characters that goes via a service that can block the link if it is later detected as bad.

    The way to verify links is to click the link, then when the redirects have finished and you are on the login page you check the URL of the actual page to confirm it is Google/Microsoft/etc before entering your credentials.

    Also, if you get an unexpected invite from someone you don't know, you ask who they are? And if impersonating someone you know, you ask that person what the unexpected meeting is all about...?

    We have a group of users who regularly receive files unexpectedly from industry contacts. Their instructions are to phone the sender before opening. Whilst I am not aware of another company's IT department officially giving this advice, it is something that once our users started doing it many of their contacts started doing it as well because people talk, and many have replied to an email asking if it is legit and gotten a "yes all safe" reply followed by "no, my account was compromised, don't open"... And they fear for their jobs enough to have started doing this without being told.

  5. Mr Dogshit
    FAIL

    I don't know what's more pathetic, the fuckwits who send this stuff or the fuckwits who click on it.

  6. Ken Moorhouse Silver badge

    That reminds me...

    I've got an automatic calendar appointment to attend this afternoon.

    My dentist.

    At 2:30pm (yes, really, but to be pedantic I think it's the cavity that's hurty).

  7. Tron Silver badge

    I always wondered...

    ...whether anyone ever used Google Calendar. Do 500 million people really use it, or is it just available to them on a menu somewhere because they use gmail or YouTube?

    1. tiggity Silver badge

      Re: I always wondered...

      I have an Android phone

      I use the calendar

      .. Though in the most unexciting way possible ... *

      I use it to give me a reminder on what evening to put out the various rubbish collections.

      We have "refuse", "green waste" and "recycling" collections, however these are not all collected each week and not all collections are on the same day, plus the fun of collection days all changing when bank holidays anywhere near a given week, so there is a valid reason for this calendar usage** (especially as it's one of my household chores so I get grief if a collection is missed & if it happens to be a collection where multiple weeks to the next one can end up with overflowing bins).

      * Unless some other commentard has an even duller use

      ** Due to this level of planning I have ended up as de facto "binfluencer" on our cul de sac, with neighbours spotting what bins I have put out & then doing the same. So far I have resisted the urge to deliberately put out the "wrong" bins and then swap to correct ones at 2 AM

    2. Mike007 Silver badge

      Re: I always wondered...

      I have my Google calendar on my phone's home screen. I put things I need to remember in it...

      How many people do you think use a different calendar than the one that they already have built in to the device they already carry at all times?

      What do you do? Write things on a notice board at home that you can't see until you get home and go "oh crap, I was meant to be at that thing which started 10 minutes ago..."?

    3. Anonymous Coward

      Re: I always wondered...

      as one of those that hate goog, I use goog email so they can have a profile on me - that I want them to have. All their other 'services' won't use, there is no value in them and their lack of security. Thanks to googs poor security history with goog docs I was able to ensure it is blocked at our company with no exceptions. Their lame method of not using unique subdomains for customers/victims prevents us making exceptions. Goog is just evil and deserves no respect.

    4. Anonymous Coward

      Re: I always wondered...

      Everyone who works for my employer has to use not only Google's calendar but also Gmail, Docs, Drive, Meet, etc. I'm pretty sure my employer isn't unique in this. I minimize the annoyance by using third party frontends for the calendar and email, but it's still Google behind the curtain.

  8. PRR Silver badge
    Facepalm

    Hover over links

    > Hover over links and then type the URL into Google rather than just clicking on it.

    Yeah, right. Google calendar links are of the form "https://calendar.gooogle.com/ calender/u/0/r/editevent /NzdpZDJsdH V1MGNpczU1 c1bHJyZW %lkQGW1 lazU4azdm c2YgcGF0"(*) Yes, 98 mostly random characters. I can't even type "teh" correctly, HTH am I gonna type that gibberish link?? (And I use a keyboard; forget typing with thumbs.) Do Google people even taste their own dog-food?

    AND what Mike007 said.

    (*) Lightly corrupted for my privacy; also old.
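
The check Mike007 describes in the thread above (confirm the host of the page you actually land on once the redirects have finished), written out as an added example that is not part of the original comments. The allowlist and the sample URLs are constructed for illustration.

```javascript
// Added example: is the page we landed on really the login host we expect?
// The allowlist is an assumption; use the identity providers your org relies on.
const TRUSTED_LOGIN_DOMAINS = ["google.com", "microsoftonline.com"];

function checkLandingUrl(finalUrl, trusted = TRUSTED_LOGIN_DOMAINS) {
  let url;
  try {
    url = new URL(finalUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // hostname is already lower-cased, has any "user@" part stripped, and has
  // internationalised labels converted to punycode ("xn--...").
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host: " + host };
  }
  // Exact match or a dot-delimited subdomain. A bare endsWith("google.com")
  // without the leading dot would also accept "notgoogle.com".
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, reason: "host not trusted: " + host };
  }
  return { ok: true, reason: "host belongs to " + match };
}

// Constructed sample URLs (not taken from the campaign in the article).
const samples = [
  "https://accounts.google.com/signin",
  "https://calendar.gooogle.com/calendar/u/0/r",      // one extra "o"
  "https://accounts.google.com.login.example/signin", // trusted name as a prefix
  "https://accounts.google.com@login.example/signin", // trusted name as userinfo
  "http://accounts.google.com/signin",                // right host, no TLS
];
for (const s of samples) {
  const r = checkLandingUrl(s);
  console.log((r.ok ? "OK   " : "STOP ") + s + "  (" + r.reason + ")");
}
```

Only the first sample passes; the others fail on the host or scheme even though each contains a trusted name somewhere in the string.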
