If suddenly you find that Google Calendar is telling you to pick up that iPhone 11 you’ve won, don’t worry, you’ve not been hacked. Most likely what has happened is that Phishermen have sent multiple calendar invites to you knowing that you most likely have the default event settings for Google Calendar.
It’s worth noting that it isn’t always “iPhone giveaways” and if you find yourself with a mystery calendar reminder, don’t click the link. It will most likely try to steal your credentials by using a fake login portal or something worse.
Instead, simply delete the invite and fire up Google Calendar inside your browser.
To view the settings, first, click on the Cog and then Settings
Under Event Settings you will see the following:
This is the reason that the mystery invite popped up. By Default, Google Calendar will add the event to your calendar even if you haven’t responded or been made aware. Meaning that you don’t need to accept or reply for it to show up and remind you.
Malicious parties are using this technique as it is different from the norm. Most users nowadays will be aware of Phishing emails but a calendar invite? Maybe not.
Users are more likely to fall for this attack due to calendar invites looking less scary. Plus the awareness aspect of it as we have been drilling into them that Phishing attempts are email based.
If you want to protect yourself and others from this attack, you will need to change the event settings to the following:
This way, only calendar invites you’ve have replied to will appear. If you know anyone who uses Gmail or Google services, it’s worth sharing this information as this type of attack will only grow.
amoran.io 
Leave a Reply