I was just checking the calendar function on my computer for an upcoming event and I saw a notice on today’s date. It was somewhat incoherent. It spoke of a shipment that was being sent, a guest list I am supposedly on, and a “Premiere Membership” subscription that was being renewed at a cost of $536.55.
It is, of course, a scam. The purpose is to get me to contact the company and ask for information. By doing so, the scammers hope to obtain additional information from me. I will not be contacting them. (But I have notified my bank.)
All that said, I’m wondering how they were able to get this into my calendar. Past scam attempts have come to me via telephone calls, postal letters, and emails, which are all accessible to other people. But how were they able to plant a fake notice on the calendar in my computer? I didn’t realize this had any public access.
If a scammer was able to do this, I worry about what other access they have to my computer.
What calendar program are you using? Is it synced to a cloud-based calendar, like Google Calendar or Apple Calendar? If so, it might be that your cloud account is compromised.
I’ve had my Google calendar show events that came through on my email even though I didn’t add them to my calendar. They usually are in light grey, like this:
If the scam event is like this, it could be something that Google did from peeking into your email.
A lot of integrated calendar and e-mail clients will automatically put event invitations received by e-mail into the calendar, at least tentatively. This is true whether or not the calendar/e-mail client is cloud-based. I think it’s much more likely that the OP is using such a setup than that their calendar account has been compromised.
Personally, in the past week I’ve seen a huge and sudden uptick in spam and scam e-mails containing calendar invitations. Despite calendar services having worked this way for decades, I think spammers and scammers have only just now realized that they can exploit this feature.
There should be some setting in the e-mail client that can tell it not to automatically add calendar entries from untrusted sources, or not to add them at all unless the user manually accepts the invitation.
I’m using Outlook for its calendar function only, but it also gets my email because, I think it insisted when I set it up. The calendar does not seem to be cloud-based, I also installed Outlook on my smart phone so I could have my calendar with me, but the calendar portion does not seem to sync with what’s on my PC. Am I vulnerable to this sort of thing? I haven’t had any instances so far.
Get someone to send you a calendar invitation by e-mail and see what happens. If it appears in your calendar, then you should look for and adjust the setting in your e-mail clients that automatically adds calendar events.
We run Office 365 and there has been a huge jump in this in the last months. They send a meeting invite with an HTML attachment hoping you will click on the phishing link.
In their infinite wisdom, Microsoft has removed the ability to silently delete a meeting on your calendar without sending a decline. Luckily all of these invites come from dummy email addresses and the declines bounce anyway.
I use Outlook and I had a recurring appointment on my calendar I never accepted. It was something that Outlook decided it needed to add even though I never accepted the appointment. Even after tracking down the original email invitation and deleting it (from my junk folder), I still had to go in and remove it from the calendar separately.
Best of all, it was some link to a porn site from best I can figure (I of course never clicked on the link but inferred it from context).
I think that modern mail clients try to be “helpful” so you don’t miss anything, and in so doing screw things up. Fortunately there was no security violation in this, just a really irritating inconvenience.
I got just such an automated spam in my calendar last week. I didn’t even know that feature was active, as it’s an email I don’t use often anymore. I had changed the setting already for my more commonly used one, but not the older.
Thanks. I was going to check this setting anyway, but I can’t find anything like it, either in Outlook or in Comcast Xfinity email. I guess I’ll wait until I have an instance before I pursue this further.
I’ve seen quite a few scam emails recently that were in the form of calendar invitations; the default setting for some calendars is to show unaccepted invitations as ‘tentative’ or similar - so they appear in the calendar - I suppose that’s useful in cases where the invitations are normal and not scams, but it’s worth reviewing the defaults/settings for how calendar invitations are shown and/or accepted.
It doesn’t even have to be an invite. If Google determines that the email relates to an event somehow, it will often create an event for me. For example, I get a ticket confirmation from the airline, and my calendar now has my flight. I get confirmation that I signed up for a Meetup event, and it is automatically added.
As others said, spam emails are the most likely cause, not your calendar being compromised. If you’re looking for the email that caused it, don’t look only at those with an actual event invite.
I’m guessing it’s clever programming, just like how the email system (or Word, etc.) will highlight a website if the text fits the pattern of a website, or how your phone will hilight something that fits the pattern of a phone number (so you can click on it to call) etc. Your email/calendar app recognizes event times in the text and assumes.
I’ve adjusted my calendar settings as Reply suggested above.
I looked through my emails to see if I could spot any that looked connected but I didn’t see any. I suppose that doesn’t mean anything; the scammers probably sent an email that had no apparent connection to the calendar entry to hide their involvement.
In a GCal event, if it was automatically created from an email, it should have a link to the original email at the bottom of the event:
If you click that “View confirmation” link, it should take you back to the Gmail that caused it. You can then make sure to block that sender or set filters to prevent similar ones, etc.
Or hopefully that settings change would do the trick going forward; it probably just isn’t retroactive to the spam you’ve already received.
Edit: Oh yeah, it won’t clear existing spam you’ve already received
