It seems that cybercriminals are now using Google Calendar services to launch a new strain of phishing attacks. The information was revealed after Google Calendar users received an email notification that warned its users to submit their Google username, password, and date of birth, failing to which would result in deletion of their accounts.
These emails appeared to be from “Customer Verification” department of Google, and come from an unusual email address, ‘customerserviceXXXX@gmail.com’, where XXXX is a four-digit number.
It’s really difficult to detect the scam, as unlike other phishing emails, this tricked email notification comprises of users’ real name and email addresses.
Fraudsters simply made their emails look authentic, by exploiting Google’s method of inserting recipients’ real names in email invitations.
The email seems to be real to users, as the link given in the email directs the users to an event in their Google Calendar that seems to be genuine, and contains names of several other invited users.
However, spelling errors and other such anomalies clearly spell out the fake nature of the email.
The dicey email talks about "congestions" in Gmail's system due to anonymous registrations of Gmail accounts, causing deletion of some of the accounts, including those of the recipients’, and hence asks them to enter their Google credentials into it.
Go To Page 2 for our comments and more related links
Google will start to attract phishing attacks now that it has reached a critical mass. Gmail, which acts as the central hub for Google services, already has a few tricks up its sleeve including the ability to report phishing emails. Users however need to be even more careful as cybercriminals try to exploit the current holiday period.