How a Quirky Gmail Feature Led to a Phishing Scare and a Valuable Lesson in Email Security

It happened one day out of the blue in mid-October. I received a notification that a trip was added to my personal Google calendar � destination: Cebu, Philippines. What? Did I just fall victim to a cyberattack?


I logged into my personal Gmail account and found an email with the travel itinerary. I started to panic, and thoughts of despair began to creep into my mind. How could I have booked a trip to the Philippines when I don�t even have a passport?


A Phishing Attack or a False Alarm?


I stared at my screen for a few moments trying to figure out what to do. I took a breath and thought back on all the discussions I had with my mentor about email security best practices and what to do in this scenario.


I started with the obvious things. I checked my credit cards and, to my relief, there was no charge for a trip. Then I checked the Have I Been Pwned database and didn�t find anything out of the ordinary. However, to be safe, I immediately changed my password.


I went back to the itinerary email and started reading through to make sure this wasn�t a phishing attempt. Rather than click on any of the hyperlinks in the email, I did a search to see if the travel site was legitimate. The site was legit, but I didn�t find anything to prove that it wasn�t a phishing email.


At the bottom of the email, I found two links in the fine print and sta ..