How Google Calendar can be a spammer’s best friend

Last week, we explained how a feature designed to make Google Calendar easier to use can tip off your boss that you plan to ask for a raise. In short, putting some valid addresses in the subject line of your calendar—as part of, say a reminder to “e-mail boss@example.com to demand a pay raise”—automatically adds the reminder to the calendar associated with the boss’ address.

None of that is new, but given the continuing risk of inadvertently leaking sensitive data to bosses, spouses, or others, it was worth repeating. After all, Google engineers have no plans of changing the behavior. It is similarly worth remembering that the behavior is regularly exploited by spammers as a means to get their messages in front of live bodies. Just paste a single message into the body of a calendar entry, fill in as many addresses as possible into the subject line, and voila, the message will pop up as a reminder on desktops and smartphones all over the world.

The image below depicts one of the scams currently circulating over Google Calendar. Again, it’s not a new threat, and it’s not always limited to Google’s service. Similar scams have long plagued users of Microsoft’s Outlook as well. Still, the image is a reminder of why you can’t automatically trust something just because it’s entered into your calendar.

Read on Ars Technica | Comments

via Ars Technica http://ift.tt/1mSvsZC

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s