Bitcoin Forum
September 22, 2019, 04:56:18 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: New phishing attack using Google Calendar  (Read 244 times)
khaled0111
Hero Member
*****
Offline Offline

Activity: 826
Merit: 552



View Profile
July 19, 2019, 05:48:27 PM
Merited by Quickseller (1), logfiles (1)
 #1

It seems like hackers/scammers found a new way to send phishing links to their victims.
They are not using emails anymore. Now, they are using a new a strategy which is less suspicious through Google Calendar.

I was browsing this forum when I received a notification about an event.
Here is how it looked like:


Translation:
Quote
GREAT OPPORTUNITY TO SOLVE FINANCIAL PROBLEMS! Get your massive cash boost today
Please do not visit the link in the image.

It is scheduled to show the notification each day at the same time:


I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links.

Be safe: never click on suspicious links
               never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)

                  ▄▄▄████████▄
              ▄▄██████████████
    ▄▄▄▄▄▄▄▄▄█████▀    ▀██████
▄▄███████████████        ████
 ▀▀████
███████████▄    ▄████
     ██████████████████████
     ▀███████████████████▀
    ▄██████████████████▀
   ▄████████████████
  ▄██████████████████
  ███████▀▀ ▀▀▀█████▀
               ████▀
               ██▀
.ROCKETPOT..           █████████
          ███
         ███
        ███
       ███
      ███
████████
      ███
       ███
        ███
         ███
          ███
           █████████
▄▄█████████▄▄
▄█████████████████▄
▄████████  █  ████████▄
▄██████         ▀███████▄
▄█████████  ████▄  ███████▄
██████████  █████  ████████
██████████          ███████
██████████  ██████  ███████
▀█████████  █████▀  ██████▀
▀██████          ▄██████▀
▀████████  █  ████████▀
▀█████████████████▀
▀▀█████████▀▀
||
█████████           
███         
███         
███       
███       
███     
████████
███     
███       
███       
███         
███         
█████████           
...PLAY NOW...
1569128178
Hero Member
*
Offline Offline

Posts: 1569128178

View Profile Personal Message (Offline)

Ignore
1569128178
Reply with quote  #2

1569128178
Report to moderator
1569128178
Hero Member
*
Offline Offline

Posts: 1569128178

View Profile Personal Message (Offline)

Ignore
1569128178
Reply with quote  #2

1569128178
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569128178
Hero Member
*
Offline Offline

Posts: 1569128178

View Profile Personal Message (Offline)

Ignore
1569128178
Reply with quote  #2

1569128178
Report to moderator
dothebeats
Legendary
*
Offline Offline

Activity: 1946
Merit: 1132


Thank you, Kary Mullis


View Profile
July 19, 2019, 06:35:45 PM
 #2

I also got that notification from my phone's Google Calendar, and I have since deleted all of the reminders without clicking any of it in the link. This has affected all of my future appointments and alarms on the calendar but I do have some of the most vital apps installed here on my Android. I just hope that this gets forwarded immediately to Google for it to get rid off immediately. Good thing that I haven't installed my banking apps and other important things on this phone, else I might get screwed.




.




  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄████████▀▀▀▀███▄
███████▀     ████
███████   ███████
█████        ████
███████   ███████
▀██████   ██████▀
  ▀▀▀▀▀   ▀▀▀▀▀

  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄██▀▀▀▀▀▀▀▀▀▀▀██▄
██    ▄▄▄▄▄ ▀  ██
██   █▀   ▀█   ██
██   █▄   ▄█   ██
██    ▀▀▀▀▀    ██
▀██▄▄▄▄▄▄▄▄▄▄▄██▀
  ▀▀▀▀▀▀▀▀▀▀▀▀▀

            ▄▄▄
█▄▄      ████████▄
 █████▄▄████████▌
▀██████████████▌
  █████████████
  ▀██████████▀
   ▄▄██████▀
    ▀▀▀▀▀

    ██  ██
  ███████████▄
    ██      ▀█
    ██▄▄▄▄▄▄█▀
    ██▀▀▀▀▀▀█▄
    ██      ▄█
  ███████████▀
    ██  ██




               ▄
       ▄  ▄█▄ ▀█▀      ▄
      ▀█▀  ▀   ▄  ▄█▄ ▀█▀
███▄▄▄        ▀█▀  ▀     ▄▄▄███       ▐█▄    ▄█▌   ▐█▌   █▄    ▐█▌   ████████   █████▄     ██    ▄█████▄▄   ▐█████▌
████████▄▄           ▄▄████████       ▐███▄▄███▌   ▐█▌   ███▄  ▐█▌      ██      █▌  ▀██    ██   ▄██▀   ▀▀   ▐█
███████████▄       ▄███████████       ▐█▌▀██▀▐█▌   ▐█▌   ██▀██▄▐█▌      ██      █▌   ▐█▌   ██   ██          ▐█████▌
 ████████████     ████████████        ▐█▌    ▐█▌   ▐█▌   ██  ▀███▌      ██      █▌  ▄██    ██   ▀██▄   ▄▄   ▐█
  ████████████   ████████████         ▐█▌    ▐█▌   ▐█▌   ██    ▀█▌      ██      █████▀     ██    ▀█████▀▀   ▐█████▌
   ▀███████████ ███████████▀
     ▀███████████████████▀
        ▀▀▀█████████▀▀▀
FIND OUT MORE AT MINTDICE.COM
Sourhearrt
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
July 19, 2019, 06:53:32 PM
 #3

OMG Shocked how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home
Becky666
Member
**
Offline Offline

Activity: 206
Merit: 61


View Profile WWW
July 19, 2019, 08:09:45 PM
 #4

OMG Shocked how is this possible in the first place? Damn I'm glad I don't use google calendar on my phones,too many physical calendars in my home
Come-on mate nothing like Google calendar because it reminds you of many stuff that are worth keeping, even dateofbirth among others. The important information from this thread is: never click anything that's not clear for you no matter whose platform's the ads shows. I got series of these notifications but always careful for what I click, also, Brave browser can be of a help to block those unwanted ads show from your phones or desktops and prevent you from phishing links.

bernardos
Member
**
Offline Offline

Activity: 350
Merit: 34


View Profile
July 19, 2019, 09:03:53 PM
 #5

How can someone add events to your calendar without access to your google account or the email associated with it?
I dont understand how this attack can be carried out just by knowing someones email address. 
TryNinja
Legendary
*
Offline Offline

Activity: 1134
Merit: 1469



View Profile
July 19, 2019, 09:12:03 PM
 #6

How can someone add events to your calendar without access to your google account or the email associated with it?
I dont understand how this attack can be carried out just by knowing someones email address.  
I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar.

It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you.

harizen
Legendary
*
Offline Offline

Activity: 1652
Merit: 1164


View Profile
July 19, 2019, 09:47:39 PM
 #7

Google Calendar is a pre-installed app on some of the Android phones today.

I don't use this since it's not necessary. I even removed these to GAPPS flash zip back then when installing GAPPS is manual (older android version).Stock Calendar app is enough. Better disabled that along with other GAPPS that not primarily or regularly used (Settings>App>).

Quote
Scammers are adding fake events or inviting you to different events so that you open them and click on a link that could give them access to your data.

In other words, sort of tricking someone to click their link.

Like the usual way of phishing, we need to use our common sense to deal on this. Thanks for bringing the news here OP.

jossiel
Hero Member
*****
Offline Offline

Activity: 1288
Merit: 542



View Profile
July 19, 2019, 10:39:32 PM
 #8

I have all my private keys and sensitive data stored on this phone, thankfully I am too skeptical and never click on short links.
Now that you are aware of their trick, you should start backing it up on a piece of paper or somewhere which has no connection to the internet. I'm also using this calendar, is this the red icon calendar that's already installed to each android phones?

Though I use it but I don't keep important data like my private keys, I don't store it on my phone. OP you need to act quickly though nothing happened for now but it's better to be safe and don't be confident storing your sensitive data there.


.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
LTU_btc
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 682



View Profile WWW
July 19, 2019, 11:37:05 PM
 #9

Damn, these bastards are really smart and always find new ways how to scam people. I have Google calendar on my phone, I can't say that I'm using it very actively, but so far I haven't faced such phishing links on it. First of all, it's interesting how this event appeared on your calendar if you didn't added it. Maybe it's possible that you given access to your Google Calendar for one app on your phone?




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
 WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2752



View Profile
July 20, 2019, 01:37:18 AM
 #10

I believe they send you an email that makes Google think it's an event, so they automatically add it to your calendar.

It's like buying a travelling ticket. Most companies send their email in a way Google know when and where the travel is going to happen, so it adds it to your calendar to make things easier for you.
I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight?

And now it seems that using Google products is also a security risk for your crypto, not just a privacy risk. For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-google

XarXymtroa
Member
**
Offline Offline

Activity: 130
Merit: 21


View Profile
July 20, 2019, 01:39:42 AM
 #11

I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.
TryNinja
Legendary
*
Offline Offline

Activity: 1134
Merit: 1469



View Profile
July 20, 2019, 01:41:57 AM
 #12

I don't use Google products, and so I had no idea Google did this. Are you saying Google automatically reads the contents of all your emails, picks out anything that looks like an appointment, ticket, event, meeting, flight, hotel, whatever, and shares that across all its apps and databases? And people just accept that this is happening? I knew Google's privacy invasion was bad, but wow. Are people honestly so lazy that they will allow Google access to literally everything about them just so they don't have to remember that they've booked a flight?

For anyone interesting in moving away from all Google products, here is a good place to start: https://www.reddit.com/r/privacy/wiki/de-google
Exactly. I had a booked fly last year and Google automatically organized everything for me in many of his products. Talk about convenience, huh? But at what cost? That was what made me finally move to a privacy-oriented email provider.

They basically scrape your email and add a card on top of it with every information about the fly. So they basically have access to all of it.

I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.
They do. It's not that big of a surprise.

joniboini
Hero Member
*****
Offline Offline

Activity: 686
Merit: 1102

lmao


View Profile WWW
July 20, 2019, 03:00:16 AM
 #13

I don't use any google products not even their gmail.  I truly believe they are secretly tracking our moves and selling the data.

They no longer do it in secret. They openly do it and you should've realized by now. Most people are fine with it as it "helps their life", but who knows what will happen if they decide to use your data to 'hunt you down'.


romecheo
Full Member
***
Offline Offline

Activity: 448
Merit: 101



View Profile
July 20, 2019, 06:27:02 AM
 #14

This is scary, though, I haven't encountered or experience it yet, upon browsing the net, there are more than 600k result about the phishing attack using google calendar.

Sometimes, we get excited when receiving invitations and haven't thought twice before clicking the link. This very tricky idea to take advantage on the others.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2752



View Profile
July 20, 2019, 06:50:53 AM
 #15

If you have a Google account, you can visit https://maps.google.com/locationhistory to see just how much it tracks your movements. I had a friend show me his: it literally is down to the minute. It tracks how you travel between locations, and pairs up your location with what is at each location (home, work, bar, shop, etc.) and how long you spend there. It really does have complete profile of everything you do.

You can also visit https://takeout.google.com/ to download everything that you are allowed to see that Google holds on you. Everything from location history as above, to all your web searches, calendar entries, payment history, voice recordings, home information, even your heart rate and sleep schedules. Then there is of course all the data you don't see. If you use Chrome, or leave your Google account logged in while browsing, then they also have a complete record of everything you have ever done online.

Bear in mind Google will share this information with any third party as they see fit.

Lucius
Legendary
*
Offline Offline

Activity: 1540
Merit: 1332


Fortis Fortuna Adiuvat


View Profile WWW
July 20, 2019, 10:32:53 AM
 #16

What a smart way to trick someone to click phishing link, and some people will actually believe that this is something legitimate, because it comes through official Google app. I never use that app, and I do not see it in my new smarthphone (Huawei), so I check on Google Play and there is available for download.

Google is actually involved in everything, and there is no doubt that it can help you in many things, but since all that is free for users, they need to in some ways to make a profit on that. They use all that data about users and make huge profits, but it is same with Facebook, Twitter or any similar service. If you use Windows OS as most people do, you are also under constant surveillance.

Privacy is a very demanding and expensive privilege today, and if you use anything to hide your track, you become even more suspicious in the eyes of those who want to control everything.



khaled0111, you probably know, but mobile phone is not good way to keep such sensitive data. I hope you can find a better solution in the future.

tbct_mt2
Sr. Member
****
Offline Offline

Activity: 644
Merit: 398



View Profile
July 20, 2019, 11:03:57 AM
 #17

Be safe: never click on suspicious links
               never join bounties/airdrops that ask you to provide your email (or at least use a throw away email)

It is sure that being careful before clicking on links is key to protect your devices and your accounts. Using throw-away emails is good approach for bounties, airdrops, and should do, but bounty hunters can do use their real emails. Just avoiding to use their main accounts, that used for their bank accounts, their main exchanges' accounts for such un-important things like bounties and airdrops.
Above all, they will be safe if they carefull with strange emails and links sent to their inboxes (whatever emails they use)

khaled0111
Hero Member
*****
Offline Offline

Activity: 826
Merit: 552



View Profile
July 20, 2019, 08:05:02 PM
 #18

I decided to dig deeper into the subject and here is a great article I found:
Tricky scam plants phishing links in your Google calendar
Also:
Google Calendar scam adds malicious links to your schedule

                  ▄▄▄████████▄
              ▄▄██████████████
    ▄▄▄▄▄▄▄▄▄█████▀    ▀██████
▄▄███████████████        ████
 ▀▀████
███████████▄    ▄████
     ██████████████████████
     ▀███████████████████▀
    ▄██████████████████▀
   ▄████████████████
  ▄██████████████████
  ███████▀▀ ▀▀▀█████▀
               ████▀
               ██▀
.ROCKETPOT..           █████████
          ███
         ███
        ███
       ███
      ███
████████
      ███
       ███
        ███
         ███
          ███
           █████████
▄▄█████████▄▄
▄█████████████████▄
▄████████  █  ████████▄
▄██████         ▀███████▄
▄█████████  ████▄  ███████▄
██████████  █████  ████████
██████████          ███████
██████████  ██████  ███████
▀█████████  █████▀  ██████▀
▀██████          ▄██████▀
▀████████  █  ████████▀
▀█████████████████▀
▀▀█████████▀▀
||
█████████           
███         
███         
███       
███       
███     
████████
███     
███       
███       
███         
███         
█████████           
...PLAY NOW...
tbct_mt2
Sr. Member
****
Offline Offline

Activity: 644
Merit: 398



View Profile
July 21, 2019, 06:13:19 AM
 #19

Bear in mind Google will share this information with any third party as they see fit.
It means Google acts nearly the same way the Facebook did. There is no doubt about that, and users have to accept risks of using Google, and some applications in Google ecosystem. Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on. Someone might think it will help them to have convenience when switching between their workplace and at home, but I simply se risks. Sychnrosie search history on some computers with same account sounds interesting, but for what? It is not an essential thing to use that feature, so I ignore it.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2752



View Profile
July 21, 2019, 10:54:43 AM
 #20

Personally, I hesitated and tried to avoid using automatical synchorisation on all things I did with my Google accounts, search history, and so on.
Using the settings Google provides to tell Google products to stop collecting data on you almost certainly does nothing except stop you from seeing the data being collected on your devices or on your Google account. I fully expect they still collect and store all that data. There are lawsuits against Google for tracking users' locations even when they turn off location history, so I doubt turning off search history actually stops them from recording your search history; you just won't see it anymore. It's just like on Windows 10 when you turn all the privacy settings up to max and disable all its telemetry, yet you can see it still calls home to Microsoft owned IPs thousands of times an hour.

The only way to actual maintain your privacy from these companies is to not use them at all.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!