Google Calendar targeted by spam scammers
By Ken Lewis
March 19th, 2008
A new tool that allows Google Calendar users to auto-sync with Outlook may have made the online service a target of Nigerian scammers eager to find new gateways into the corporate world.
According to web security company BitDefender, Google's two-year-old online calendar service is being targeted by Nigerian scam spammers, who are sending their scam ‘hooks' to businesspeople disguised as meeting invites in Google Calendar.
BitDefender says the emails are personalised with a different link sent to each recipient, making URL-based filtering much harder.
"This is a new and untried social engineering approach," says BitDefender CTO, Bogdan Dumitru. "The fact that these things are being spammed in huge numbers is also a bit odd - usually there is a testing phase, to evaluate the response rate. Normally, after testing, some techniques are found ineffective and never get used again. This one's different."
Google launched its free web-based calendar service in 2006, and it has always been compatible with top browsers - IE, Firefox and Safari - as well as competing online and desktop calendar applications.
But a feature recently added may have put Google Calendar firmly in the sights of scammers. The new feature allows users to automatically synchronise with Microsoft's Outlook rather having to do this manually.
The new service means that adding an event in Microsoft Outlook will automatically sync to Google Calendar and be accessible at any time either on your browser or mobile phone. Similarly, if you schedule an event with a future pop-up reminder in Google Calendar it will be automatically seen in Outlook on your computer.
Nigerian scams work by informing the victim they are due large amounts of money once the victim sets up the delivery by disclosing banking details.
BiDefender says Google Support has been notified to block the accounts used in the scam.