Calendar Spam Is on the Rise. Here's How to Avoid It.



By Jennifer Alsever

Forget the inbox. Increasingly, spammers are trying to schedule time on your online calendar.

A flood of unsolicited calendar invites have started cluttering people's Google calendars. After clicking on them, people see the spammer's message and links to websites trying to sell them something, install tracking cookies, or steal personal information.

Calendar Spam Is on the Rise We've been trained not to open email attachments or click on suspicious links. But calendar invites are different.

Whether you click accept, decline, or maybe on the invite, you return a notification to the sender. It's proof that you're a real person at a real email address.

The result: you'll receive even more unsolicited email.

"It feels so invasive – it's your calendar – and if you decline it, you're acknowledging that it's a valid email address so you put yourself on a sucker list," says Kevin Haley, cyber security expert at Norton LifeLock.

"Even worse, calendar spam is potentially even more dangerous if those invites include malicious code. Any button selected could unleash code that steals information, provides hackers remote access to computers, or cripples your company," says Bob Cook, a cybersecurity expert at the University of Colorado in Colorado Springs.

"It could have an enormous impact across your organization," says Cook. He recommends that companies educate employees about how to prevent these kinds of social engineering tactics, which he says make up nearly 80% of all malicious attacks.

Calendar spam isn't new. In 2016, spammers exploited a feature in Apple's iCal that let hackers steal credit card information from people who clicked on a calendar notification titled "Ray-Ban Black Friday Pricing."

This current wave of calendar spam exploits a setting in Google Calendars that automatically populates invitations in calendars. The feature's original purpose is convenience. You're able to see an invite on the calendar and decide if the time listed works. But spammers use this default setting to their advantage.

Google officials say users can report spam and prevent events from automatically being added to their calendars by unchecking default settings that automatically add meeting invites. They also said that the company was investing in new ways for users to identify and block spammers, and that changes may be rolled out in the coming months.

Apple created its own fixes after the 2016 flood of scams. Now iOS users who receive phony iCal invites through email can report them as junk at the bottom of the message.

The trickier problem comes when iCal invites simply show up on an existing iOS calendar. Clicking decline or trying to delete it alerts spammers that they found a real, valid user.

It's recommended that you first create a new calendar category to send "spam" calendar invites to. You can then delete that calendar and the spam messages.

To prevent future calendar spam, iCal users should change their iCloud preferences to receive calendar invitations as email rather than having them automatically appear on calendars.

In the end, Haley, from Norton, says that spammers will continue to target calendars if people continue to be fooled. "The bad guys are continually trying to find ways to make you click."


October 2019


The opinions and views expressed in this publication are for general information only and are not necessarily those of Mutual of America Life Insurance Company.



My Account | Mutual of America SponsorConnect® | Careers | Site Map | Help | Mutual of America Mobile
Home | Group Products | Individual Products | Interest Account & Investment Options | Your Retirement Center | About Us | Contact Us
Connect with us: Connect with us on Facebook Connect with us on Twitter Connect with us on LinkedIn Connect with us on YouTube