Google Calendar is Phishing Minefield
As if you didn’t already have enough to worry about with cybersecurity, now we learn that Google Calendar might be a minefield and Flash video player could be a ticking bomb.
More than 1.5 billion people who use Google Calendar are potential victims of an ongoing phishing scam.
“Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid-looking link poised to send them more meeting details,” writes web security expert Craig Petronella. By clicking on the link, users inadvertently upload malware hidden in a javascript.
And Flash video player is being used by the hacker group ShadowGate to lock down computers and hold them ransom.
“The attack targets exploits found in outdated versions of the Flash video player,” Petronella writes in this blogpost. “The virus is then injected into a computer when the user visits an infected site by running codes inside a fake javascript file.”
Phishing is Still the #1 Threat
Social engineering attacks, and spear phishing in particular, take advantage of our increasingly networked lives. Google Calendar is but the latest online door that scammers have snuck through to enter our systems.
The solution: security awareness training to educate staff about emerging threats.
“Calendar invites need to be added to current awareness training,” says Petronella. “This reinforces the need for continual diligence on the part of an organization’s IT security team. Especially given the fact that automated security tactics like email filters have a ten percent failure rate.”
As for the new ShadowGate threats, Petronella recommends taking time to make sure your software is updated.
“All of your software,” he says. “Software updates usually contain critical security patches and exploit fixes. Stick to surfing sites you are familiar with, and watch for unusual links or messages, even if those messages are from friends. Lastly, back up your files to a cloud storage system! In the event of infection, your files are completely disconnected from your computer under attack.”
Want even more security, plus peace of mind? Purchase cybersecurity insurance. Lawyers Insurance, the official agency of the NC Bar Association, can provide cyber liability coverage to suit your needs. Contact Lawyers Insurance online or at 1-800-662-8843.