With an approximate 1.5 billion users , Google ’s Gmail serving is so widely used that any misuse of its features can have far - progress to consequences . AsForbescontributor Davey Winder points out , one feature in particular – Google ’s Calendar function – could conceivably direct to junk e-mail invite .
Google Calendar , which is accessible via Gmail , notifies users of scheduled fitting that are either manually inserted or created from an email invitation . The trouble , Winder explains , is in Calendar let anyone to schedule a coming together with a user without email notification and Gmail allowing those events to be mechanically added to Calendar . Because Gmail users assume the invite must be licit , they might get across on a pop - up notification about a fraudulent event , or a link within a fraudulent event , that leads to a malicious onslaught site . In extreme cases , the nexus can go to portals where bank or course credit menu selective information is solicited .
In anexampleused by Black Hills Information Security , which discovered the flaw , a Calendar substance abuser might receive a notice about an “ all - hands ” meeting get in a few minutes along with a inter-group communication to information that will be discussed at the meeting . Feeling a sense of urgency , a user may not examine the reminder too closely , click the link , and be transferred to a site with malicious software .
Though the exposure has been known and publicized for yr , Google is only recently conduct steps to address it , announce via a assist meeting place post that they ’re working to reduce the potential for spam or malicious links to be passed along through the service .
Until then , it ’s best for users to be more diligent when it comes to interacting with the Calendar function . Under the preferences > Event Configuration preferences , “ Automatically total invitations ” should be disabled ; the pick for showing invitations users have respond to should be enable . It ’s also advisable never to follow any tie from a Calendar email from an address or entity you do n’t recognise .
[ h / tForbes ]
