A Weak Spot that Allows Scammers In? Your E-Calendar
Email users know that an errant click can invite scammers in, but a meeting invitation? A tricky scam can install malware after users click on a seemingly legit meeting.
Emails, texts and now meeting invitations – a good rule of thumb is to avoid clicking on anything.
In the latest scam that allows criminals to install malware, ransomware and other computer-killing applications, scammers are using calendar settings to infect computers.
According to the Better Business Bureau, this scam shows up in the from of a business invitation – generally something that the user doesn’t recognize but might consider legit. In most cases, the user first becomes aware of something wrong when they see an event in their calendar that’s clickable. It often suggests that the user click for some kind of discount or survey, or it offers directions to a local event. However, the reason to click can vary.
How did the event appear in a personal calendar? A user’s default calendar settings often allow other people to add an event even if the initial user didn’t accept it. It becomes a “phishing” scam when the event that looks legit actually gives the scammer permission to download malware to the user’s computer. The link might also lead to a page that asks the user for personal information.
Ways to avoid a calendar phishing scam
Don’t click links. While most meetings and events are likely legit, avoid anything that seems unusual or you don’t remember scheduling. Similar to scam emails and texts, any click is interpreted as a user giving the scammer permission to proceed.
Change calendar settings. Look for any setting that says something like “automatically add invitations.” Most send out invitations that the user can either accept, decline or possibly click “maybe.” Calendars should only accept meetings that the user specifically agreed to beforehand.
For more information on phishing scams, visit the Better Business Bureau’s website.
Source: Florida Realtors®