Parents alerted to NurseryCam security breach
A webcam system that lets parents drop in and watch their children while at nursery school has written to families to tell them of a data breach.
The flaw allows cyber criminals to take advantage of a default setting that automatically adds invitations to a person’s Calendar when they are sent via email.
Unsolicited invites then appear as a notification through the Google Calendar app, which if clicked on can lead users to an official-looking page requesting personal and financial details.
The fake invite scam was first discovered by security researchers in 2017 but Google is only now addressing the issue.
Links within the event or notification will then take victims to a fake Google authentication page that captures their credentials.
Google included details of what people should do if they see a suspicious invitation or event in their inbox. It advises recipients to report the event as spam, which will remove all events from that organiser from the person’s calendar.
Notes:
- Don’t reply to event invites from your phone. Instead, follow the directions below to report the event as spam on your computer.
- When you report one event, all events from that organizer will be removed from your calendar.
How to report an event:
- On your computer, open Google Calendar.
- Double click the event you’d like to report.
- At the top, click More Actions Report as Spam.
If you don't want to see events on your calendar that you haven't replied to, you can change your Google Calendar settings.
- On your computer, open Google Calendar.
- At the top right, click Settings menu Settings.
- In the "General" tab, click Event settings Automatically add invitations.
- Select No, only show invitations to which I have responded.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/google-calendar-hack-security-malware-fake-invite-scam-a9102281.html
