What You Should Know About Gmail and Google Calendar Malicious Spam Invites

Carsten Koall, Getty Images
Carsten Koall, Getty Images

With an estimated 1.5 billion users, Google’s Gmail service is so widely used that any misuse of its features can have far-reaching consequences. As Forbes contributor Davey Winder points out, one feature in particular--Google's Calendar function--could conceivably lead to spam invites.

Google Calendar, which is accessible via Gmail, notifies users of scheduled appointments that are either manually inserted or created from an email invitation. The problem, Winder explains, is in Calendar allowing anyone to schedule a meeting with a user without email notification and Gmail allowing those events to be automatically added to Calendar. Because Gmail users assume the invites must be legitimate, they might click on a pop-up notification about a fraudulent event, or a link within a fraudulent event, that leads to a malicious attack site. In extreme cases, the links can lead to portals where bank or credit card information is solicited.

In an example used by Black Hills Information Security, which discovered the flaw, a Calendar user might receive a notice about an “all-hands” meeting starting in a few minutes along with a link to information that will be discussed at the meeting. Feeling a sense of urgency, a user may not examine the reminder too closely, click the link, and be transferred to a site with malicious software.

Though the vulnerability has been known and publicized for years, Google is only recently taking steps to address it, announcing via a help forum post that they’re working to reduce the potential for spam or malicious links to be passed along through the service.

Until then, it’s best for users to be more diligent when it comes to interacting with the Calendar function. Under the Settings > Event Configuration settings, “Automatically add invitations” should be disabled; the option for showing invitations users have responded to should be enabled. It’s also advisable never to follow any link from a Calendar email from an address or entity you don’t recognize.

[h/t Forbes]

Thousands of Disney+ Accounts Are Being Cracked and Sold. Here's How to Protect Yourself

Disney+
Disney+

With an estimated 10 million sign-ups during its debut last week and positive reviews for its marquee original Star Wars series The Mandalorian, Disney’s new Disney+ streaming service has been a resounding success. But making such a high-profile splash is apparently coming at a price. According to CNBC, thousands of consumer accounts are being hijacked and their login information is being shared illicitly online. 

The report, published by ZDNet, alleges that hackers were able to breach usernames and passwords for the service within hours of launch and began distributing them for free or for a fee of $3 to $11—the economy of the black market making a one-time purchase cheaper than paying the standard $6.99 monthly for access to the Disney+ library.

The idea wasn’t to co-opt the accounts but to seize them entirely, using the login to change the email and password associated with the account and locking the consumer out.

A spokesperson for Disney told CNBC that they weren’t aware of any security breach. It’s possible that accounts from unrelated sites were compromised and hackers were able to cull from a database of existing passwords to see if consumers used them for their Disney+ account.

The best way to secure your account for Disney+ or any other service requiring a log-in is to use a unique password for each and avoid obvious parallels to the content. If you’re using “mickeymouse” as part of your login, don’t be shocked if you find yourself locked out of your account one day. Ideally, experts say, the service will eventually incorporate a multi-factor authentication process to make compromising logins—and watching Freaky Friday for free—more difficult.

[h/t CNBC]

Stuck in a Never-Ending Group Chat? Here's How to Stop It

grinvalds/iStock via Getty Images
grinvalds/iStock via Getty Images

The more contacts on your phone, the more likely you will be periodically pulled into the dreaded group chat—a meandering, pestering chain of communication on apps like Facebook or WhatsApp that keeps your cell in a constant state of alert. While some group chats start out informative, they can quickly devolve in utter banality. (One warning sign: a funny nickname for the chat.) How can one free themselves from this chorus and get on with their lives?

David Nield at Gizmodo recently broke down the steps you can take to pull yourself free, though it depends on which chat app you’re using. If it’s WhatsApp, for example, you can go to Settings, Account, Privacy, Groups, and then set who can add you to a group chat. That way, only people in your inner circle can loop you in. If someone who isn't on your approved list adds you to a chat, you'll get a direct message inviting you to join, which you can accept or ignore. If you’re already in group chat hell, WhatsApp will allow you to mute notifications by tapping on the Menu button and selecting Mute Notifications.

Facebook Messenger doesn’t allow you to pre-emptively opt out, but you can exit existing group chats by tapping “i” inside the thread and selecting “Leave Group” in Android or tapping the chat thread and clicking “Leave Group” in iOS.

The same is true of Apple’s iMessenger—you can’t insulate yourself from chats. Once it starts, though, you can leave by tapping the top of the conversation, selecting “i,” and selecting either Hide Alerts (which mutes the chat) or Leave This Conversation. If people in the chat are using SMS, the messages will still come through, however. They have to be either muted or removed from your phone and life entirely.

For tips on how to deal with group chat pain on Twitter and other platforms, head over to Gizmodo.

[h/t Gizmodo]

SECTIONS

arrow
LIVE SMARTER