Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites.
Calendar invites are so easy and helpful in organizing our calendar, and I am always grateful when someone sends me one as it saves me time from having to manually input appointments, which can be very time consuming. But after reading this post, I am going to be much more suspect of calendar invites.
The online calendar spam scam makes sense—the scammer uses a calendar invite just like a phishing email and sends you a calendar invite to pick something up, for a call about a financial matter or to discuss a free offer. The invite has an embedded link with the call-in information, and when you click on it, you have just introduced malware into your system. If you accept, or reject the invitation without opening up any links, you are guaranteed to get a flood of them, so just delete them without doing anything else.
KrebsonSecurity provides the steps you can take to minimize these spam calendar invites: https://krebsonsecurity.com/2019/09/spam-in-your-calendar-heres-what-to-do/
It is clear that keeping an automatic calendar invite containing malware from entering via your email is key to reducing calendar invite spam. Treat calendar invites just like emails and be wicked paranoid about any you aren’t expecting.