Byte of Prevention Blog

by Jay Reeves |

Google Calendar is Phishing Minefield

As if you didn’t already have enough to worry about with cybersecurity, now we learn that Google Calendar might be a minefield and Flash video player could be a ticking bomb.

More than 1.5 billion people who use Google Calendar are potential victims of an ongoing phishing scam.

“Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid-looking link poised to send them more meeting details,” writes web security expert Craig Petronella. By clicking on the link, users inadvertently upload malware hidden in a javascript.

And Flash video player is being used by the hacker group ShadowGate to lock down computers and hold them ransom.

“The attack targets exploits found in outdated versions of the Flash video player,” Petronella writes in this blogpost. “The virus is then injected into a computer when the user visits an infected site by running codes inside a fake javascript file.”

Phishing is Still the #1 Threat

Social engineering attacks, and spear phishing in particular, take advantage of our increasingly networked lives. Google Calendar is but the latest online door that scammers have snuck through to enter our systems.

The solution: security awareness training to educate staff about emerging threats.

“Calendar invites need to be added to current awareness training,” says Petronella. “This reinforces the need for continual diligence on the part of an organization’s IT security team. Especially given the fact that automated security tactics like email filters have a ten percent failure rate.”

As for the new ShadowGate threats, Petronella recommends taking time to make sure your software is updated.

All of your software,” he says. “Software updates usually contain critical security patches and exploit fixes. Stick to surfing sites you are familiar with, and watch for unusual links or messages, even if those messages are from friends. Lastly, back up your files to a cloud storage system! In the event of infection, your files are completely disconnected from your computer under attack.”

Want even more security, plus peace of mind? Purchase cybersecurity insurance. Lawyers Insurance, the official agency of the NC Bar Association, can provide cyber liability coverage to suit your needs. Contact Lawyers Insurance online or at 1-800-662-8843.


About the Author

Jay Reeves | 919-619-2441

Jay Reeves practiced law in North Carolina and South Carolina. Over the course of his 35-year career he was a solo practitioner, corporate lawyer, legal editor, Legal Aid staff attorney and insurance risk manager. Today he helps lawyers and firms put more mojo in their practice through marketing, work-life balance and reclaiming passion for what they do. He is available for consultations, retreats and presentations.

Read More by Jay >

Related Posts