If you use Google Calendar–you know, that easy calendar app that comes with a Gmail account–you need to know how to protect yourself against the cybersecurity vulnerability Google refused to acknowledge.
According to Forbes, hackers disclosed the cybersecurity vulnerability in Google Calendar and demonstrated how it could be weaponized against the 1.5 billion users of the app in 2017. For 2 years, Google did not address the vulnerability except to indicate, as I understand it, that it is a spam issue and therefore protected by the user agreement. Earlier this month, Google finally confirmed there is an “issue” with Google Calendar but, until it is resolved, it is up to you to protect your cybersecurity (as it always is, really).
In fact, the functionality allowing others to schedule an appointment with you via the Google Calendar app enables hackers to phish you in a way similar to the smish. That is, the approach through the calendar can be unexpected and catch the user off guard. Like smishing, the recipient, assuming the sender must be known to them, responds to the invitation request by clicking on a link in the request/message to activate malware or provide sensitive information (banking, credentials, etc.).
[Read 6 Easy Ways to Protect Yourself from Smishing]
As (very) small business owners/freelancers/solo practitioners, the more we automate parts of our business, the more time we have to do the things that will make us successful. As Cal Newport, author of Deep Work: Rules for Focused Success in a Distracted World recently told NPR’s Shankar Vedantam, “No one’s ever made a fortune by being really good at sending and receiving emails.”
[Learn more about cybersecurity scaled for (very) small business demands and budgets: Freelancer’s Guide to Cybersecurity]
The same can certainly be said for calendaring, which many of us automate. But, until Google addresses this threat, easing up on the access others have to our Google Calendar is the best bet.
How Do I Safeguard My Google Calendar App?
Disable the automation that gives hackers the ability to reach out to you through Google Calendar. The 2 settings that automate calendaring are found in the Google Calendar Settings menu. They can be disabled in 2 quick steps:
-
- In the Event Settings section (of the Settings menu), find “Automatically add invitations” and select “No, only show invitations to which I have responded” from the drop-down menu.
- [Optional] If practical, in this same section I would remove all “Default guest permissions.”
- In the Events from Gmail section (of the Settings menu), deselect (uncheck) the “Automatically add events from Gmail to my calendar” option.
- In the Event Settings section (of the Settings menu), find “Automatically add invitations” and select “No, only show invitations to which I have responded” from the drop-down menu.
Of course, there is no substitute for vigilance and a healthy dose of skepticism in cyberspace. I recently read an analysis ascribing 90% of cyber attacks to indiscriminate clicking on links in emails, texts, etc. (I can’t remember where–if I find it I will link to it!) So, when in doubt, don’t click. Call or discuss a request for sensitive information in person.
Remember that every chain is only as strong as its weakest link. Do your part to create communicative environments at home and at work that promote awareness about cybersecurity!
Stay safe!
3 thoughts on “Google Calendar Phish Attacking Users’ Cybersecurity & Privacy”