Malwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer.
“The amounts in these fake invites are large and attention-grabbing, usually several hundred dollars for multiple years of service,” Malwarebytes says. “The scammers want you to believe a considerable charge has already gone through so that you react immediately instead of thinking critically.
“The goal is to get you to call, rather than click a link. The calendar description reads like a receipt, but the real call to action is always the same: urging you to call a number immediately to dispute or cancel the charge. Once you call, the scammer can pressure you in real time. They might ask for payment details, convince you to install remote-access software, or manipulate you into sending money.”
Calendar invites might seem more convincing than phishing emails because users may not know that threat actors can add events to their calendars. Malwarebytes outlines the following advice to help users avoid falling for calendar spam:
- “Turn off auto-add or auto-processing so invites stay as emails until you accept them.
- Restrict calendar permissions so only trusted people and apps can add events.
- In shared or resource calendars, remove public or anonymous access and limit who can create or edit items.
- Use an up-to-date real-time anti-malware solution with a web protection component to block known malicious domains.
- Don’t engage with unsolicited events. Don’t click links, open attachments, or reply to suspicious calendar events such as ‘investment,’ ‘invoice,’ ‘bonus payout,’ ‘urgent meeting’—just delete the event.
- Enable multi-factor authentication (MFA) on your accounts so attackers who compromise credentials can’t abuse the account itself to send or auto-accept invitations.”
Malwarebytes has the story.
