The Better Business Bureau’s Scam Tracker has been very busy. The organization posted a scam alert involving Outlook and Google Calendar users and fake events posted to their accounts. “Calendar spam” is a new and very real problem that can lead to stolen identity and malware. Users can sync Google and Outlook, so a bogus event listed on one affect both calendars. Those relying on calendar apps need to think twice about unexpected events posted to their calendar, especially if the events have links. If the events are fake, the links can steal PII (personally identifiable information) as well as install malware. Default calendar settings are the problem and the BBB hope users take notice.
If you’re wondering where a calendar event came from, there’s a need for concern. Victims of this scam find unusual posts popping up with links or short descriptions that lure users in. They can involve fake invitations, winning a contest, or other hooks. Worse, hackers can send repeated event reminders until the user caves and clicks. The user ends up going down a rabbit hole designed to draw them in. That curiosity can end in disaster and the BBB recommends going to calendar settings to fix the problem. The setting is likely on “automatically add invitations” and should be changed to the option “accept or reject invitations.” Only then can you choose to delete suspicious invitations and lures before they are posted to your calendar. If there’s an option to “show declined events” make sure that box is checked so you don’t get reminders about events you don’t want on your calendar, especially if you don’t trust them.
Calendar spam falls under the heading of phishing hacks and should be treated just as seriously. Email spam and phishing, fake social media posts, voice calls (vishing), texts (smishing), and more are all threats to our security. Navigating safely online takes commitment but is well worth the effort. Calendar spam facilitates all types of phishing tactics, so one bogus event can trigger an onslaught of attacks. Keeping safe from calendar spam involves anti-phishing basics we can all follow.
Trust your intuition and remember–anything that seems remotely suspicious is suspicious.
Delete any communications that don’t pass the smell test and remember, hackers don’t hesitate to prey on emotions. Any message that tugs on heartstrings or relies on a quick response should be suspect. If you’re not expecting an email or calendar invitation, beware of those showing up unexpectedly, especially if they involve providing your PII. Links and attachments should always be suspect as they’re often a hacker’s calling card. It’s best not to click on a link because they may direct traffic to fake pages designed to steal your PII. Attachments could be loaded with malware including viruses like spyware, adware, and ransomware.
Protecting one’s PII is a responsibility we all share and being armed with phishing cyber-smarts, just may be your best defense.