Skip to content
  • Print

News, Updates, & Hot Topics

Case in Point Newsletter

The Auburn University internal audit function creates a monthly newsletter, called Case-in-Point, to highlight current issues in higher education.  The newsletter provides a brief description of recent articles describing events related to fraud & ethics, information security & technology, compliance/regulatory & legal, and campus life & safety and then provides a link to the newspaper article that provides the details.  Below is the most recent issue of the Newsletter.  Please contact the Office of Internal Audit & Compliance if you would like to be added to the mailing list for the newsletter.

Hot Topics

1.5 Billion Gmail Calendar Users Are the Target of a Crafty New Phishing Scam

Users of Google's Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick user into clicking phishing links.

Here's how it works:

Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it's pointing you back to for more details.

Once clicked, it's back to the usual tactics of trying to infect the user's endpoint with malware and so on.

This kind of attack has a massive attack surface, given the number of users utilizing Google's Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

Users have long been warned about their interaction with email and the web. Now it's important to add Calendar invites to the list. Organizations that use security awareness training have users that are continually up to date on the latest attack types. This latest method demonstrates how attackers are always updating their tactics, requiring you to be equally persistent and enable your users to make smarter security decisions

From: Cyberheist News - Published by KnowBe4