Don't be a phishing victim: Is your online event invite safe to open?
Online events are growing ever more popular thanks to their convenience and accessibility, but Google Calendar and other invite tools are being misused by cybercriminals to trick unsuspecting people into falling victim to their phishing schemes. Before you open an invite to an event online, here's how to make sure it's safe.
Make sure the sender is legitimate
Receiving a surprise invitation for an event online is not a red flag. With more of your favorite businesses and acquaintances using online events as a means of socializing from home, you shouldn't instantly delete an invitation just because you weren't expecting it. However, you should double-check the sender before taking action.
If the invite supposedly came from a business, consider if you're subscribed to promotional emails for that company. If you are, you can easily verify the event with a quick internet search. If nothing comes up, the invite you got may be bogus. If you're possibly interested in attending, you can reach out to the company's support team through their website (not via the email you received) to make sure it's legitimate.
More commonly, the event invitations you receive will come from an individual, perhaps someone you're connected with on social media, someone from your company, or an old friend. Recognizing the sender's name is a green flag, but it's not a surefire way to know that the invite is safe.
Protect your device and network
If you plan to open an online event invite, it's a good idea to check to make sure that your antimalware/antivirus software is up-to-date and turned on. It's also wise to invest in a service that protects all of your devices—including your phone and tablet—and provides a layer of security for your entire network.
Once you know that your device and network are protected from major threats, you can proceed with opening the invite if you recognize the sender and you're interested in the event.
Do not respond to requests for personal info
There's a reason why so many people fall victim to phishing schemes each year. Cybercriminals have grown incredibly advanced, and they are very good at hiding these schemes behind very legitimate-looking emails. Some even leverage trusted tools, like Google Calendar, in order to sneak their malicious links and messages into your inbox.
Once you open an invite, don't let how it looks fool you. Instead, read the message to collect any details about the event. If the sender is requesting that you click a link to provide personal information or that you respond to the email to do so, it's probably a scam.
If you don't know the sender and they're asking for personal information, you should likely dismiss it as a scheme. If you do know the sender and they're requesting any personal info (e.g., phone number, full name, etc.), you should contact them directly to share any necessary details.
Check links before clicking on them
Before ever clicking on a link inside of an email, even one from a trusted sender, you should hover over the link first. This will cause the link's destination to pop up on your screen, which allows you to evaluate the website it will take you to.
Some warning signs to look for:
- The destination URL is a third-party short link, like TinyURL or bit.ly.
- The destination does not match where you expect the link to take you.
- The destination URL ends in a strange extension, like .doc.
Hackers sometimes disguise malicious websites and files by inserting a seemingly harmless destination link but then use redirects to forward you somewhere else entirely. To be sure, you should use a link safety checker before clicking. A link checker will tell you the spam score of the destination site and offer any information about any files that were downloaded upon clicking.
If you trust the sender, you're interested in the event, and it passes a link safety checker, you can click on it—just make sure your device and network protections are activated.
What can go wrong if you make a mistake?
If you click on a link and it turns out to be a scheme, a few things could happen: information could be collected about your device, files may be downloaded without your knowledge, or you could be tricked into sharing personal information or login details.
Sometimes, you won't realize that you've clicked on an illegitimate link or exposed your information until it's too late. Not only are the links very well disguised, but the destination pages often look quite convincing too, especially if they're asking for credentials.
In the event that you make a mistake, the first thing you should do is scan your computer and network using trusted antivirus software. This software will detect any malicious files on your device and help you quarantine and remove them. You should also change any credentials that you may have exposed to the scammer.
If you have received an invite to an event online and you have reason to believe it's a phishing scheme, you should report it as spam to your email provider. Also, if the email is impersonating a company, do a good deed and let that company know so they can alert other customers who may also be targeted. By remaining diligent, you can keep your information safe.
Kaspersky can protect all of your devices and your network from phishing schemes, malware, and other major threats. Kaspersky Security Cloud provides antivirus protection for all of your devices, accompanied by real-time scanning to identify and protect you against threats. With a VPN, you can browse the web safely without fear of tracking or data interception, no matter where you go.