Nigerian Scammers Put Victims on Their Calendars

New Google Calendar exploit is harder for filtering systems to detect



Those pesky Nigerian spam artists are at it again, and this time they're targeting companies like yours.

Nigerian scammers are targeting the corporate world by sending their scam "hooks" as meeting invites in Google Calendar, security vendor BitDefender warns today in an advisory. The emails are personalized, with a different link sent to each recipient, making URL-based filtering harder, the vendor says.

"This is a new and untried social engineering approach," said BitDefender CTO Bogdan Dumitru. "The fact that these things are being spammed in huge numbers is a bit odd -- usually there is a testing phase to evaluate the response rate. Normally, after testing, some techniques are found ineffective and never get used again. This one's different."

The Nigerian scam works by informing the victim that they have inherited or are otherwise due a large amount of money from an unlikely source. The spammer then tells the victim to send a payment in order to "set up the delivery" of the large sum.

Google support has been notified to block the accounts used in the scam, BitDefender said, and the attack has been added to the spam signatures database, which will help anti-spam vendors to filter and block it.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service