Phishing Calendar Invites


Well, it’s been an interesting few days in the land of spam and phishing. Yesterday I wrote about a spam email I received, along with dozens of others, that’s gotten a bit silly. Today I noticed an invite in one of my company calendars, “Your order Estimate OYYE03661 has been queued”:

I’ve seen these before, but not in MY calendar.

So, my first thought was, “When did my calendar’s ‘Add invitations to my calendar’ setting get changed to ‘From Everyone’?” Needless to say, that should NOT be the default. EVER!

So, if you need to know how to change this in Google, here you go:

Go to the gear icon at the top-right of your calendar:

Then click “settings”

Scroll down to Event Settings, then “Add invitations to my calendar”

Then change to “When I respond to the invitation in email”

I’m also going to recommend unchecking the “Show events automatically created by Gmail in my calendar” option.

Anyway, we need to stay vigilant against fraudsters. This is one annoying game of whack-a-mole.

Yet Another Phishing Scheme

Got this gem in my inbox this afternoon:

Did a quick Google and found a bunch of references to this as a phishing scheme. The poor grammar and funky URL tipped me off. 

Always be diligent, my friends. 

I Received A Phishing Phone Call Today: Beware, My Friends

This afternoon my office received a phone call from “800”. I had just finished one project and was reviewing my notes when this popped up. In a good place to deal with random distraction, I opted to grab the call. As the tech-savviest of my office mates, I’m glad I got this one.

Female Robot Voice: “Your Windows license has expired and your account has been compromised…” at which point, I hung up. Now, a malicious part of me thought I should’ve played this up and trolled the phisher, but, no. I do have a ton of real work to do. Stuff that brings money into the company. But I really did want to disturb these creeps.

It’s not the first of these phishing phone calls I’ve received, just the first one like this one. Different verbiage, different delivery mechanism, but, in the end, the same deal.

So, no, this isn’t legit. No, Microsoft isn’t monitoring YOUR computer. Oh, and Windows licenses don’t “expire”. Last but not least, whether it’s a phone call or a pop-up on your browser, your machine probably isn’t compromised. Exception: if the antivirus software YOU installed is telling you this, it might be legit. In that case, along with anything repeatedly popping up on your computer, consult an expert.

And the Google Docs Phishing Scheme Continues

I just got this message from my college (taking an AutoCAD class at Edmonds Community College). It’s the Google Docs phishing scam. You get an email from someone you know that has “shared a document on Google Docs with you”.

Rule #1 with this sort of thing: DON’T CLICK THE LINK!

This has been around the interwebs for some time. The very first of these I saw, I called the sender and asked. And I’m sure you know what they said.

Now, if someone says they got one of these from you, it’s possible your account’s been compromised. It’s also possible you’re being spoofed (someone forged your email address in the “from” spot…it’s pretty easy, actually). I recommend immediately changing your password, since it won’t hurt. You should be regularly changing your passwords, anyway (yeah, yeah…I know…).
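As an added example (not from the original post): one way to tell those two cases apart is to read the Authentication-Results header on the copy the recipient received. The sketch assumes the recipient's mail server records SPF/DKIM/DMARC results there; `example.edu`, `mx.example.edu` and the sample messages are constructed placeholders, and domain alignment is simplified to an exact match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def trusted_results(msg, authserv):
    """Parse Authentication-Results headers stamped by our own receiving
    server (authserv). Copies naming any other server are ignored, because
    a sender can put forged ones in the message."""
    found = {}
    for raw in msg.get_all("Authentication-Results", []):
        raw = re.sub(r"\([^)]*\)", " ", raw)              # drop (comments)
        parts = [" ".join(p.split()) for p in raw.split(";")]
        if parts[0].split(" ")[0].lower() != authserv.lower():
            continue
        for part in parts[1:]:
            m = re.match(r"(dkim|spf|dmarc)=(\w+)", part, re.I)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", part[m.end():]))
                found.setdefault(m.group(1).lower(), []).append((m.group(2).lower(), props))
    return found

def classify(raw_message, my_domain, authserv):
    """Return 'sent-via-my-domain', 'likely-spoofed', 'inconclusive' or 'not-my-domain'."""
    msg = message_from_string(raw_message)
    dom = my_domain.lower()
    if parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower() != dom:
        return "not-my-domain"
    res = trusted_results(msg, authserv)
    if not res:
        return "inconclusive"      # nothing we can trust; ask the recipient's mail admin
    dmarc_ok = any(r == "pass" for r, _ in res.get("dmarc", []))
    dkim_ok = any(r == "pass" and p.get("header.d", "").lower() == dom
                  for r, p in res.get("dkim", []))
    # Authenticated as the domain: really sent through it, so treat the account as compromised.
    return "sent-via-my-domain" if dmarc_ok or dkim_ok else "likely-spoofed"

# Constructed sample messages (example.edu / mx.example.edu are placeholders).
HEAD = "From: Alice <alice@example.edu>\nSubject: shared a document\n\nbody\n"
GENUINE = ("Authentication-Results: mx.example.edu;\n dkim=pass header.d=example.edu;\n"
           " dmarc=pass (p=REJECT) header.from=example.edu\n" + HEAD)
SPOOFED = ("Authentication-Results: mx.example.edu; dkim=none;\n"
           " spf=fail smtp.mailfrom=bounce@mailer.invalid;\n"
           " dmarc=fail header.from=example.edu\n" + HEAD)
FORGED = "Authentication-Results: relay.invalid; dmarc=pass header.from=example.edu\n" + HEAD

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged", FORGED)]:
        print(name, "->", classify(raw, "example.edu", "mx.example.edu"))
```

A result of `sent-via-my-domain` means the message passed authentication for your domain, which points to the account (or an app with access to it) rather than a forged From line.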

Anyway, live your digital life with a healthy dose of suspicion. Trust but verify, and any of a number of other security-esque cliches.

Clearly this is starting to grow again. Here are two articles to explore this fun further (both posted today)

Practice safe computing!
Subject: “<some name you may recognize> has shared a document on Google Docs with you”

Message:

 

“_______ has invited you to view the following document:”

 

 “Open in Docs” <—– DO NOT click on this link!

————————————————————————————————————————————-

Do not open the document! Immediately mark the email as Spam or Delete it. This is a widespread phishing scam targeting Google Apps. If you accidentally opened the Doc, your email account may be compromised, and your email address will continue to send the scam to everyone in your contact list. Several people at EdCC have already been fooled by this scam, so you may receive this email from someone familiar, such as your instructor, staff at EdCC, or other students.

We urge you to change your password and visit your account security page in EdMail to verify the applications that have access to your data in Google Apps.