Spammers are leveraging Google applications

BitDefender antispam analysts have detected that Nigerian scam spammers are using a new gateway to target the corporate world: Google Calendar. Nigerian scam spammers are targeting the corporate world by sending their scam “hooks” as meeting invites in Google Calendar. The e-mails are personalized, with a different link sent to each recipient, making URL-based filtering harder.

This is a new and untried social engineering approach. The fact that these things are being spammed in huge numbers is a bit odd — usually there is a testing phase, to evaluate the response rate. Normally, after testing, some techniques are found ineffective and never get used again. This one’s different.

The “Nigerian” scam works by informing the victim that they have inherited or are otherwise due a large amount of money from an unlikely source. The spammer then tells the victim to extract the payment in order to “set up the delivery” of the said large sum. Google support has been notified to block the accounts used in the scam.

Image courtesy of Andrew Huff.