When we think of Google, “data breach” isn’t a phrase that typically comes to mind. The company is one of the largest in the world, with enough defenses and technical support to match its reputation. Compared to entities like Facebook, Google is often thought of as robust and reliable — a counterweight to companies that take our personal data for granted with lax security measures.
Despite Google’s status as a safe (if data hungry) place for our information, a number of new findings are making people think twice about how safe the company’s platforms are against hackers. A new threat has been detected that targets users through Google Calendar, and once it takes hold, it puts your entire account at risk across all of Google’s platforms!
In light of this new threat, security researchers are warning users to take extreme caution with any notifications that come through to their accounts. What could possibly be bad enough to provoke them to speak out like this? We have all of the details on the latest Google security threat, and what you can do to stop the hijackers from breaking into your account.
What threats are facing my Google account?
Security analysts at Kaspersky Labs are reporting a new threat that specifically targets users of Google’s platforms and services. With over 1.5 billion people using these systems, the hackers behind the attacks are aiming high for a massive pool of potential victims.
The threat, like many others, functions much like a typical phishing scheme. In this case, a user will receive a malicious Google Calendar invite with a link embedded in the description.
These links will take users to typical data-extraction websites that hackers make use of to steal credit card numbers, Social Security numbers, and login credentials for other accounts. What’s worse, anyone with Google’s apps installed on their mobile device will only see a truncated preview of the calendar notification, which can disguise the malicious alert’s true intentions.
Unlike traditional threat vectors, Google Calendar is designed to be open by nature. Anyone can receive calendar invites from another person by default, which is intended to add to the flexibility of Google’s systems across the web.
In this case, however, hackers are exploiting a vital part of Google’s ecosystem in order to drive traffic to malicious sites that can devastate computers and steal valuable personal data.
What can I do to protect my information from these Google account hackers?
As of right now, the threat seems to be limited to those who have opened the link or clicked on the malicious alerts. Although anyone with a Google account can be targeted by this kind of attack, you’re safe as long as you haven’t interacted with shady alerts or notifications in any way.
That said, there are a few ways you can take proactive steps to protect yourself from the alerts altogether. The most important is to disable Google Calendar’s ability to receive invitations from anybody.
To access this feature, simply go to the Event Setting menu in Google Calendar and turning off the automatically add invitations option by enabling the only show invitations to which I’ve responded option. On top of this, they recommend leaving Show declined events unchecked in the View Options menu as well.
Most importantly, you should avoid any strange or unusual links that come your way. If the account appears to be someone you trust and you’re still not sure about clicking a link, always ask them what they sent you and why. If they don’t respond to your question, it could be that their account was compromised and is being used to spread a scam even further.
Just stay within your boundaries of familiarity and you should be safe. In the meantime, all we can do is hope Google cares as much about its reputation as we do and works to put a stop to this threat once and for all.