Google Calendar a New Target for Phishing

Keep on Guard!


It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.

The latest target appears to be Google Calendar.

As always be on your guard as these scams are coming from all directions.

A few months ago, spam came to Google Calendar. Now phishing has arrived.

Intrepid Google watcher Philipp Lenssen wrote late last week about being the target of a phishing attempt via Google Calendar.

He received an e-mail to his Gmail account with a reference to a legitimate event from his calendar. The sender was listed as “customer care,” and it asked him to verify his account by supplying his username and password.

It seems to the same old style as normal e-mail phishing but utilising the Google Calendar interface. It comes bundled with the usual spelling and grammatical errors that plague phishing e-mails.

I wonder how many people are falling for this one? If generic phishing ploys are anything to go by…it will be quite a lot.

On May 28, a Google Talk Guide addressed the issue in a Google Groups thread, urging users to click the “Report Phishing” link if they receive suspicious e-mails and not to click on links within the e-mails or open attachments.

Late on Monday, a Google representative e-mailed this statement: “Spam is an issue for all Internet users, and we work very hard to fight it. Using Google Calendar, or any Google product, to send spam is a violation of our product policies. We are actively identifying Calendar accounts that send spam and disabling them.”

Perhaps drop a note to any non-tech friends using Google Calendar just to warn them that this is happening.

You might save someone a lot of trouble.

Source: Cnet (Thanks to Navin)

Posted in: Privacy, Social Engineering, Spammers & Scammers

, , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


8 Responses to Google Calendar a New Target for Phishing

  1. Navin July 2, 2008 at 8:56 am #

    cheers!! :)

  2. Daniel July 3, 2008 at 5:40 am #

    Phishers just like Botnet Controllers and Virus distributors will use any vector to push their product. From Facebook, to Warcraft to Digg.com there’s always somebody dumb enough.

  3. Sandeep Nain July 3, 2008 at 6:44 am #

    Well that was supposed to happen. Phishers and spammers don’t let go any type of web application which accepts user input and displays it to public…

    Emails, forums,blogs and now google calender.. But luckily google has been very fast in fixing such stuff. They will find a way to handle this as well..

  4. Navin July 3, 2008 at 9:12 am #

    when will people learn I wonder!!

    how utterly stupid are those who blindly give away their passwords to such emails

    My favourite form of phishing has to be the one shown below:

    Hack any email id in 6 steps

    1.Go to compose mail in your id

    2.type the email id of the person whose id you want to hack

    3.type in YOUR email id AND YOUR password
    (this is to authenticate your id with the mail server)

    4.Below this type the following without the quotes
    “!#^#HDH*#@*$mailserver..ping.id>25381djskadm:hacka-hacka”

    5.Then send the mail to hackid@ (some mailserver).com

    6.The password of the person will be processed and sent to you within 2 weeks

    Its amazingly mindnumbing how many people I know have fallen for this and given away their passwords and ids to phishers

    but after all they did deserve it….they’d set out to hack someone’s ID hadn’t they?? I fondly remember someone who had bet me Rs.500 (roughly $11) to hack my id and he fell for this….not only was i richer by $11, he lost his password and id!!hehe

    its absolutely right when they say ” Curiosity killed the cat”

  5. grav July 3, 2008 at 7:56 pm #

    One of my favorite practical jokes is to do this on april 1st
    I’m planning on doing it to my dad this year : )
    He not too good with keeping his info to himself, so it’ll be a lesson in computer security

    We all should learn about phishing so that we are not susceptible to it. It still baffles me as to why we learn, in school, about history and wars so that they are not repeated, but we do not learn about basic computer security, so we still fall to it…

  6. Navin July 5, 2008 at 10:56 am #

    hehehe

    thats not really something I’d do to my dad!!
    he’d probably disinherit me!! ;)

  7. grav July 5, 2008 at 6:26 pm #

    He doesn’t have to know it was you does he : )
    And how do you do the .gif icon?

  8. Navin July 26, 2008 at 2:02 pm #

    yeesh….this might just never get read by U grav but let me tell you

    You just leave a space and type [;)] (thats semicolon followed by a closing round bracket Widout a space between the two) without the square brackets to get a winking gif smiley
    [:)] (thats colon followed by a closing round bracket Widout a space between the two) gives a smiling……. well, smiley!!
    [:( ] (thats colon followed by a opening round bracket Widout a space between the two) gives a sad faced smiley (there’s something I never thought I’d say!)

    There are probably many more but these are the ones I generally use

    Just remember to type without the square brackets and not to leave any space between the 2 characters (as you’ve done in the above comment.

    Someone hacked past my initial firewall :(
    He managed to get his hands on Nothing :)
    I read a lot of darknet so I knew how to encrypt my data with multiple firewalls and use stronger encryption!! ;)