khaled0111 (OP)
Legendary
Online
Activity: 2702
Merit: 3037
Top Crypto Casino
|
It seems like hackers/scammers found a new way to send phishing links to their victims. They are not using emails anymore. Now, they are using a new a strategy which is less suspicious through Google Calendar. I was browsing this forum when I received a notification about an event. Here is how it looked like: Translation: GREAT OPPORTUNITY TO SOLVE FINANCIAL PROBLEMS! Get your massive cash boost today Please do not visit the link in the image.It is scheduled to show the notification each day at the same time: I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links. Be safe: never click on suspicious links never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)
|
|
|
|
dothebeats
Legendary
Offline
Activity: 3766
Merit: 1354
|
|
July 19, 2019, 06:35:45 PM |
|
I also got that notification from my phone's Google Calendar, and I have since deleted all of the reminders without clicking any of it in the link. This has affected all of my future appointments and alarms on the calendar but I do have some of the most vital apps installed here on my Android. I just hope that this gets forwarded immediately to Google for it to get rid off immediately. Good thing that I haven't installed my banking apps and other important things on this phone, else I might get screwed.
|
|
|
|
Sourhearrt
Member
Offline
Activity: 166
Merit: 12
|
|
July 19, 2019, 06:53:32 PM |
|
OMG how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home
|
|
|
|
Becky666
|
|
July 19, 2019, 08:09:45 PM |
|
OMG how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home Come-on mate nothing like Google calendar because it reminds you of many stuff that are worth keeping, even dateofbirth among others. The important information from this thread is: never click anything that's not clear for you no matter whose platform's the ads shows. I got series of these notifications but always careful for what I click, also, Brave browser can be of a help to block those unwanted ads show from your phones or desktops and prevent you from phishing links.
|
|
|
|
bernardos
Member
Offline
Activity: 686
Merit: 45
|
|
July 19, 2019, 09:03:53 PM |
|
How can someone add events to your calendar without access to your google account or the email associated with it? I dont understand how this attack can be carried out just by knowing someones email address.
|
Content writer and Croatian translator. Contact me for more information.
|
|
|
TryNinja
Legendary
Offline
Activity: 3010
Merit: 7435
Top Crypto Casino
|
|
July 19, 2019, 09:12:03 PM |
|
How can someone add events to your calendar without access to your google account or the email associated with it? I dont understand how this attack can be carried out just by knowing someones email address.
I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar. It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you.
|
|
|
|
harizen
Legendary
Offline
Activity: 3122
Merit: 1398
For support ➡️ help.bc.game
|
|
July 19, 2019, 09:47:39 PM |
|
Google Calendar is a pre-installed app on some of the Android phones today. I don't use this since it's not necessary. I even removed these to GAPPS flash zip back then when installing GAPPS is manual (older android version).Stock Calendar app is enough. Better disabled that along with other GAPPS that not primarily or regularly used (Settings>App>).Scammers are adding fake events or inviting you to different events so that you open them and click on a link that could give them access to your data. In other words, sort of tricking someone to click their link. Like the usual way of phishing, we need to use our common sense to deal on this. Thanks for bringing the news here OP.
|
|
|
|
jossiel
|
|
July 19, 2019, 10:39:32 PM |
|
I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links.
Now that you are aware of their trick, you should start backing it up on a piece of paper or somewhere which has no connection to the internet. I'm also using this calendar, is this the red icon calendar that's already installed to each android phones? Though I use it but I don't keep important data like my private keys, I don't store it on my phone. OP you need to act quickly though nothing happened for now but it's better to be safe and don't be confident storing your sensitive data there.
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
July 19, 2019, 11:37:05 PM |
|
Damn, these bastards are really smart and always find new ways how to scam people. I have Google calendar on my phone, I can't say that I'm using it very actively, but so far I haven't faced such phishing links on it. First of all, it's interesting how this event appeared on your calendar if you didn't added it. Maybe it's possible that you given access to your Google Calendar for one app on your phone?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
July 20, 2019, 01:37:18 AM |
|
I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar.
It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you. I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight? And now it seems that using Google products is also a security risk for your crypto, not just a privacy risk. For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-google
|
|
|
|
XarXymtroa
Member
Offline
Activity: 153
Merit: 23
|
|
July 20, 2019, 01:39:42 AM |
|
I don't use any google products not even their gmail. I truly believe they are secretly tracking our moves and selling the data.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 3010
Merit: 7435
Top Crypto Casino
|
|
July 20, 2019, 01:41:57 AM |
|
I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight? For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-googleExactly. I had a booked fly last year and Google automatically organized everything for me in many of his products. Talk about convenience, huh? But at what cost? That was what made me finally move to a privacy-oriented email provider. They basically scrape your email and add a card on top of it with every information about the fly. So they basically have access to all of it. I don't use any google products not even their gmail. I truly believe they are secretly tracking our moves and selling the data.
They do. It's not that big of a surprise.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
July 20, 2019, 03:00:16 AM |
|
I don't use any google products not even their gmail. I truly believe they are secretly tracking our moves and selling the data.
They no longer do it in secret. They openly do it and you should've realized by now. Most people are fine with it as it "helps their life", but who knows what will happen if they decide to use your data to 'hunt you down'.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
romecheo
|
|
July 20, 2019, 06:27:02 AM |
|
This is scary, though, I haven't encountered or experience it yet, upon browsing the net, there are more than 600k result about the phishing attack using google calendar.
Sometimes, we get excited when receiving invitations and haven't thought twice before clicking the link. This very tricky idea to take advantage on the others.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
July 20, 2019, 06:50:53 AM |
|
If you have a Google account, you can visit https://maps.google.com/locationhistory to see just how much it tracks your movements. I had a friend show me his: it literally is down to the minute. It tracks how you travel between locations, and pairs up your location with what is at each location (home, work, bar, shop, etc.) and how long you spend there. It really does have complete profile of everything you do. You can also visit https://takeout.google.com/ to download everything that you are allowed to see that Google holds on you. Everything from location history as above, to all your web searches, calendar entries, payment history, voice recordings, home information, even your heart rate and sleep schedules. Then there is of course all the data you don't see. If you use Chrome, or leave your Google account logged in while browsing, then they also have a complete record of everything you have ever done online. Bear in mind Google will share this information with any third party as they see fit.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6145
Crypto Swap Exchange🈺
|
|
July 20, 2019, 10:32:53 AM |
|
What a smart way to trick someone to click phishing link, and some people will actually believe that this is something legitimate, because it comes through official Google app. I never use that app, and I do not see it in my new smarthphone (Huawei), so I check on Google Play and there is available for download.
Google is actually involved in everything, and there is no doubt that it can help you in many things, but since all that is free for users, they need to in some ways to make a profit on that. They use all that data about users and make huge profits, but it is same with Facebook, Twitter or any similar service. If you use Windows OS as most people do, you are also under constant surveillance.
Privacy is a very demanding and expensive privilege today, and if you use anything to hide your track, you become even more suspicious in the eyes of those who want to control everything.
khaled0111, you probably know, but mobile phone is not good way to keep such sensitive data. I hope you can find a better solution in the future.
|
|
|
|
tbct_mt2
|
|
July 20, 2019, 11:03:57 AM |
|
Be safe: never click on suspicious links never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)
It is sure that being careful before clicking on links is key to protect your devices and your accounts. Using throw-away emails is good approach for bounties, airdrops, and should do, but bounty hunters can do use their real emails. Just avoiding to use their main accounts, that used for their bank accounts, their main exchanges' accounts for such un-important things like bounties and airdrops. Above all, they will be safe if they carefull with strange emails and links sent to their inboxes (whatever emails they use)
|
RAZED | │ | ███████▄▄▄████▄▄▄▄ ████▄███████████████▄ ██▄██████▀▀████▀▀█████▄ ░▄███████████▄█▌████████▄ ▄█████████▄████▌█████████▄ ██████████▀███████▄███████▄ ██████████████▐█▄█▀████████ ▀████████████▌▐█▀██████████ ░▀███████████▌▀████████████ ██▀███████▄▄▄█████▄▄██████ █████████████████████████ █████▀█████████████████▀ ███████████████████████ | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ███████████████████ | RAZED ORIGINALS SLOTS & LIVE CASINO SPORTSBOOK | | | NO KYC | | │ | RAZE THE LIMITS ►PLAY NOW |
|
|
|
khaled0111 (OP)
Legendary
Online
Activity: 2702
Merit: 3037
Top Crypto Casino
|
|
July 20, 2019, 08:05:02 PM |
|
|
|
|
|
tbct_mt2
|
|
July 21, 2019, 06:13:19 AM |
|
Bear in mind Google will share this information with any third party as they see fit.
It means Google acts nearly the same way the Facebook did. There is no doubt about that, and users have to accept risks of using Google, and some applications in Google ecosystem. Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on. Someone might think it will help them to have convenience when switching between their workplace and at home, but I simply se risks. Sychnrosie search history on some computers with same account sounds interesting, but for what? It is not an essential thing to use that feature, so I ignore it.
|
RAZED | │ | ███████▄▄▄████▄▄▄▄ ████▄███████████████▄ ██▄██████▀▀████▀▀█████▄ ░▄███████████▄█▌████████▄ ▄█████████▄████▌█████████▄ ██████████▀███████▄███████▄ ██████████████▐█▄█▀████████ ▀████████████▌▐█▀██████████ ░▀███████████▌▀████████████ ██▀███████▄▄▄█████▄▄██████ █████████████████████████ █████▀█████████████████▀ ███████████████████████ | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ███████████████████ | RAZED ORIGINALS SLOTS & LIVE CASINO SPORTSBOOK | | | NO KYC | | │ | RAZE THE LIMITS ►PLAY NOW |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
July 21, 2019, 10:54:43 AM |
|
Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on. Using the settings Google provides to tell Google products to stop collecting data on you almost certainly does nothing except stop you from seeing the data being collected on your devices or on your Google account. I fully expect they still collect and store all that data. There are lawsuits against Google for tracking users' locations even when they turn off location history, so I doubt turning off search history actually stops them from recording your search history; you just won't see it anymore. It's just like on Windows 10 when you turn all the privacy settings up to max and disable all its telemetry, yet you can see it still calls home to Microsoft owned IPs thousands of times an hour. The only way to actual maintain your privacy from these companies is to not use them at all.
|
|
|
|
|