Forbes Warns: New Security Warning Issued For Google’s 1.5 Billion Gmail And Calendar Users
Google’s ICS file is now being used as a clever social engineering tool to bypass Google’s own spam filters and allow attackers to launch social engineering and phishing attacks. Knowbe4’s Javvad Malik is quoted in the article.
“Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks,” says Javvad Malik, security awareness advocate at KnowBe4. Malik told me that in order to gain access to a building, for example, you could put in a calendar invite for an interview or similar face to face appointment such as building maintenance which, he warns “could allow physical access to secure areas.”
Kaspersky research notes that “attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a “non-traditional attack vector,” the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.”