Byte of Prevention Blog

by Jay Reeves |

Google Calendar is Phishing Minefield

Pin on Pinterest Share on Google+ Share on LinkedIn

As if you didn’t already have enough to worry about with cybersecurity, now we learn that Google Calendar might be a minefield and Flash video player could be a ticking bomb.

More than 1.5 billion people who use Google Calendar are potential victims of an ongoing phishing scam.

“Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid-looking link poised to send them more meeting details,” writes web security expert Craig Petronella. By clicking on the link, users inadvertently upload malware hidden in a javascript.

And Flash video player is being used by the hacker group ShadowGate to lock down computers and hold them ransom.

“The attack targets exploits found in outdated versions of the Flash video player,” Petronella writes in this blogpost. “The virus is then injected into a computer when the user visits an infected site by running codes inside a fake javascript file.”

Phishing is Still the #1 Threat

Social engineering attacks, and spear phishing in particular, take advantage of our increasingly networked lives. Google Calendar is but the latest online door that scammers have snuck through to enter our systems.

The solution: security awareness training to educate staff about emerging threats.

“Calendar invites need to be added to current awareness training,” says Petronella. “This reinforces the need for continual diligence on the part of an organization’s IT security team. Especially given the fact that automated security tactics like email filters have a ten percent failure rate.”

As for the new ShadowGate threats, Petronella recommends taking time to make sure your software is updated.

All of your software,” he says. “Software updates usually contain critical security patches and exploit fixes. Stick to surfing sites you are familiar with, and watch for unusual links or messages, even if those messages are from friends. Lastly, back up your files to a cloud storage system! In the event of infection, your files are completely disconnected from your computer under attack.”

Want even more security, plus peace of mind? Purchase cybersecurity insurance. Lawyers Insurance, the official agency of the NC Bar Association, can provide cyber liability coverage to suit your needs. Contact Lawyers Insurance online or at 1-800-662-8843.

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More