Google investigating Gmail-Calendar scam that can steal your cash

Google investigating Gmail-Calendar scam that can steal your cash
Back in June, we told you about a scam involving the Gmail and Google Calendar apps. Criminals, taking advantage of a default feature that allows them to add invitations to a Calendar user's schedule via Gmail, were creating fake events like wire transfers. The description of the event would note that an important piece of information, such as the bank account owner's PIN number, was missing. A notification from the Calendar app would show up on the phone, and when tapped, would link to an official-looking form where the PIN number could be filled in and sent back to the scammer. And because the notification came from the trusted Google Calendar app, the victim would have no reason to question its authenticity.

In another variation, a fake Calendar entry might say that the phone owner just won a contest and needs to provide his/her social security number for tax purposes. Again, a notification would appear on the phone and the target would tap on a link to reveal an official-looking document. The victim enters his social security number and his bank and brokerage accounts are subsequently drained.

Google has finally taken notice of the scheme and recently put up a post on the Calendar Help page (via Forbes). The message reads, "We're aware of the spam occurring in Calendar and are working diligently to resolve this issue. We'll post updates to this thread as they become available. Learn how to report and remove spam. Thank you for your patience." It is more than a little self-serving that Google refers to this as "spam" when the truth is that a real security threat has been identified. On the other hand, Google has included a useful link in its post that tells users what to do in case a suspicious event appears on their phone.

Google warns users not to respond to event invites from their phone, Instead, from a desktop or laptop computer, you should open the desktop Google Calendar app at calendar.google.com. After double clicking on the suspicious event, on the top of the screen tap on More Actions and then Report as Spam.

The scam or security issue was first discovered by researchers back in 2017


There is also a way to change the settings on Google Calendar to prevent this from happening to you. Go into the Google Calendar settings and under "Event," change the setting from "Automatically add invitations" to "No, only show invitations to which I have responded." At the same time, you should prevent Gmail entries from automatically adding events on the Calendar app by unchecking the box marked "Add automatically" under the "Events from Gmail" heading. These are changes that we told you to make back in June and now that Google is getting involved, you might want to take the time to protect yourself from this scam.


The fact that Google is now looking into this indicates how dangerous the issue is. Outside of stealing money from unsuspecting consumers (who are trusting the Google name, we should point out), security codes and other secret information could be obtained by terrorists with a goal far more deadly than stealing some cash. First spotted by two researchers at Black Hills Information Security in 2017, the scam/security threat was not addressed by Google until a few days ago.

The criminals trying to pull off this scheme are counting on the victims not paying attention to the notifications they are receiving. Blinded by prospects of receiving a bank wire or winning a contest, there are many phone owners who wouldn't think twice about providing the requested information. Multiply this by the huge number of Gmail and Calendar uses and you can see why it is an enticing scheme for those who aim to separate people from their hard-earned money. Let's just be glad that Google finally woke up before a plot more deadly was devised using two seemingly innocuous apps like Gmail and Calendar.

FEATURED VIDEO

7 Comments

1. boriqua2000

Posts: 258; Member since: Mar 11, 2009

My Google calendar showed that i won a iPhone. I thought Google was putting spam on the app so i switched to the Samsung calendar.

7. Crispin_Gatieza

Posts: 3137; Member since: Jan 23, 2014

Ay bendito nene!

2. Crispin_Gatieza

Posts: 3137; Member since: Jan 23, 2014

How can anyone in this day and age fall for something so patently stupid? Darwin was right, the lower species must eventually die off.

3. Alcyone

Posts: 398; Member since: May 10, 2018

Unfortunately, as majority of people naturally age, mental sharpness declines. Yeah, people can be stupid. But, the majority of older people fall for scams. You, me and the next person won't always be so mentally sharp.

4. jeffchapmanjc unregistered

I'm 59. My first computer was a 486 - it had a "turbo" button. I didn't grow up with technology, but I kept up with it and I have never fallen victim to such silliness. Whether they call, snailmail, email, or sneak into your calendar, you have to question the authenticity of the source.

6. Crispin_Gatieza

Posts: 3137; Member since: Jan 23, 2014

I’m eligible for AARP myself and like @jeffchapmanjc, I’ve never fallen for any scams.

5. andriodfanboy1

Posts: 168; Member since: Jul 22, 2014

Lately i have also been receiving this notification frm calender via Gmail

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.