A sophisticated cyberattack is targeting Gmail users through fraudulent, unsolicited Google Calendar notifications.
The campaign takes advantage of a common default feature for people using Gmail on their smartphone: Calendar invites automatically pop up on phones, prompting users to accept or decline them.
“Cybercriminals send targets an unsolicited calendar invitation carrying a link to a phishing URL,” explained Kaspersky researcher Maria Vergelis, in a write-up on Monday. “A pop-up notification of the invitation appears on the smartphone’s screen, and the recipient is encouraged to click on the link. The website where they are directed then tells victims to enter their credit-card details and add some personal information – which is sent straight to the scammers.”
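A defensive illustration of the mechanism described above, added here and not taken from Kaspersky or the original article: a triage check that parses an invite and flags events that carry links and come from an organizer outside a known-senders list. It assumes the invite is available as iCalendar (.ics) text; the sample invite, its placeholder domains, the `known_senders` allowlist and all function names are constructed for this example.

```python
import re

# Constructed sample invite, not from a real campaign; all domains are placeholders.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "METHOD:REQUEST", "BEGIN:VEVENT",
    "ORGANIZER;CN=Rewards Team:mailto:promo@unknown-sender.example",
    "SUMMARY:You have received a payment",
    "DESCRIPTION:Confirm your card details at https://pay.example.test/claim?",
    " id=123 to receive the transfer.",
    "END:VEVENT", "END:VCALENDAR",
])

URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)
TEXT_PROPS = ("SUMMARY", "DESCRIPTION", "LOCATION", "URL")

def unfold(ics):
    # RFC 5545: a line break followed by one space or tab continues the previous line.
    return re.sub(r"\r?\n[ \t]", "", ics)

def unescape(value):
    # Undo iCalendar TEXT escapes so "\n" or "\," does not get glued onto a URL.
    return re.sub(r"\\([\\;,nN])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def parse_events(ics):
    """Return one {PROPERTY: [values]} dict per VEVENT (simplified: no quoted-parameter handling)."""
    events, current = [], None
    for line in unfold(ics).splitlines():
        if line.upper() == "BEGIN:VEVENT":
            current = {}
        elif line.upper() == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name_params, value = line.split(":", 1)
            current.setdefault(name_params.split(";", 1)[0].upper(), []).append(value)
    return events

def triage(ics, known_senders):
    """Flag events that carry links and come from an organizer outside known_senders."""
    results = []
    for ev in parse_events(ics):
        organizer = re.sub(r"^mailto:", "", ev.get("ORGANIZER", [""])[0], flags=re.I).lower()
        text = "\n".join(unescape(v) for p in TEXT_PROPS for v in ev.get(p, []))
        urls = list(dict.fromkeys(URL_RE.findall(text)))
        results.append({"organizer": organizer, "urls": urls,
                        "suspicious": bool(urls) and organizer not in known_senders})
    return results

if __name__ == "__main__":
    for finding in triage(SAMPLE_ICS, known_senders={"colleague@corp.example"}):
        print(finding)
```

The sample deliberately folds the URL across two content lines, so the link is only recovered intact after unfolding; a scanner that matches URLs line by line would miss or truncate it.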