Calendar spam: now it’s a thing! -TEISS® : Cracking Cyber Security
2 September 2019
Watch out for unexpected invitations in your Google calendar. The links in them may lead you to a ransomware attack.
Checking my Google calendar this morning I found some unexpected entries: three invitations for me to pick up my iPhoneX in the evening.
Odd, as I am Android-only when it comes to phones (and sometimes a bit playful about Apple “fashion victims”). They were obviously not genuine events and, while I didn’t check them out, the links they contained were probably malicious.
A quick web search showed me that calendar spam is increasingly common at the moment. Judging from Google Trends, it started to become something that people searched for on about the 19th of August.
But it is preventable with a simple change of settings.
How does it work? The hackers are taking advantage of the Google Calendar feature that automatically adds events you’re invited to into your calendar as “grey-ed out” notices, even if you haven’t accepted them.
All they need to do this is your email address.
Showing events that you have been invited to has been quite a helpful feature in the past. But now that spammers are using it, you may want to think about switching it off. Here’s how.
- Go to the Settings menu by clicking the cog icon at the top right of the calendar page
- Select “Settings” from the drop-down menu
- Select “Event Settings” from the left side navigation. That scrolls you down to “Event settings” in the main window
- Look for the option “Automatically add invitations” (below “Default guest permissions” and above “Notifications”). There is a little arrow to the right: click on that
- In the pop up box that appears, select “No, only show invitations to which I have responded”. Your selection should be saved automatically
And that’s it. Remember that if you do this you will lose the “show invitations” feature completely, so you won’t just be stopping spam. Hopefully in time Google will develop a way of dumping spam invitations into a spam box.
But for the moment it may be worth keeping the spammers and hackers away from your calendar.
Head of consulting at TEISS
Jeremy is a highly experienced author, trainer and consultant who has worked in digital strategy, marketing and cyber security for 25 years. His special area of interest is how people engage with technology, sometimes known as “human factors”