Member-only story
Desperate Spammers Are Targeting Calendars With ‘Meeting’ Invites
Faced with powerful automated filters on Gmail, criminals have found a new, annoying way to catch your attention
My email inbox is a mess. Ever since my work email address became public, spam has torn through it like a Tasmanian devil trying to sell little blue pills. I’ve resigned myself to the disorder in my inbox, but my calendar is sacred. It runs my entire life, from work meetings to outings with my kids. But now spammers are trying to ruin that, too.
It works like this: A spammer sends you an invite to a “meeting” using the collaborative tools built into Google Calendar, iCloud, or other online scheduling tools. By default, these services add the event to your calendar whether you’ve accepted or not — meaning that spammer’s event proclaiming “hot singles in your area” is now on your agenda, with no intervention from you. In fact, there’s a good chance you won’t see the invite at all: Gmail, for example, may automatically place the invite in your spam folder, but Google Calendar will still process the invite, perhaps leading to a mysterious notification on your phone down the line.
“The vast majority of traditional email spam is blocked by filters, and so they’re trying to find another way to get some eyeballs.”
Unlike email spam, invite spam seems to affect certain people and not others, with no simple reasoning as to why. But there’s a clear motivation behind it: “Desperation,” says Graham Cluley, an independent security analyst. “The vast majority of traditional email spam is blocked by filters, and so they’re trying to find another way to get some eyeballs.” Your calendar lacks the spam filters that your email benefits from, and spammers have found a way to exploit that.
This has been happening for years, explains Cluley, though it’s been getting more media attention lately. Kaspersky Labs, a cybersecurity company, published a press release detailing a rash of these spam…
