NC State G Suite users are warned to stay alert to a recent phishing attack that is targeting Google Calendar users.
In this attack, phishers send a series of Google Calendar appointments containing malicious links and attachments to bait you into providing sensitive data or to launch a phishing attack. The appointments may also include:
- An unfamiliar or suspicious sender.
- An unfamiliar or suspicious subject.
- A date and time outside of normal operating hours.
- Foreign language.
- A hidden guest list.
Much like phishing email, you should take the same precaution when opening your Google Calendar appointments. Here are a few recommendations to protect yourself and your data:
- Know your senders
Like email, calendar appointments can look like they come from trusted sources. Before clicking on any links or opening any attachments, ensure you recognize the sender’s name in the calendar appointment. When in doubt, don’t click on links or open attachments. With some attacks, you can get your account phished just by clicking on a link that directs you to a fraudulent website or form.
- Don’t share sensitive data
Remember legitimate companies and organizations will never ask for personal information such as passwords and account numbers via an email or a calendar link. So don’t share your data.
- Recognize phishing in all its forms
Phishing attacks aren’t limited to just email or even calendar appointments. They may also come in the form of instant messages or text messages (aka smishing) or even phone calls (aka vishing). Follow the same precautions you would for email when receiving links, attachments or requests for personal information by any of these methods.
- Report suspicious activity
Contact the NC State Help Desk at firstname.lastname@example.org or 919.515.4357 (HELP) with any concerns or questions about suspicious calendar appointments, even before you click on any links.
- Delete suspicious calendar appointments.
Remember to remove all events from your Google Calendar.