Our email inboxes are always flooded with spam emails. Google and other email providers have been consistently improving their algorithms to filter out spam emails. But hackers and spammers are also coming up with new ways to exploit users. A large number of people have taken to social media to complain that spammers are taking advantage of the tight integration between Gmail and Google Calendar to add spam events with malicious links to their Calendar.
Yes, they can add events to your Google Calendar without your explicit permission. Spammers have been using the same trick for at least a couple of years, though the issue grabbed media attention only recently.
Got a weird Google calendar virus/malware. Deleted it but anyone know who’s behind it/what the scam is they’re running? Cc @josephfcox @matthew_d_green @evacide and #infosec Twitter pic.twitter.com/Pk8RcHkdtm
— Carl Franzen (@carlfranzen) August 27, 2019
Google has tightly integrated its email and calendar services for your convenience. Gmail tries to understand the events in your inbox such as dinner reservations and flight bookings to add them automatically to your Google Calendar. If a spam email manages to bypass Google’s spam filter, it could put fraudulent events containing malicious links to your calendar.
The spammers expect you to check out the event description and click on the malicious links. There, they could trick you into sharing your personal information. If you have been receiving fraudulent event invitations in your calendar, you can put an end to it by choosing to see only invitations you have responded to. Here’s how to do it:
- Launch Google Calendar on your computer
- Click on the gear icon in the top-right corner of the screen
- Click Settings
- Under the General category on the left side, click on Event settings
- Now click Automatically add invitations and select No, only show invitations to which I have responded
That’s all you need to do. Spam mails will no longer be able to add fraudulent events to your calendar. You can also report the event as spam. To do that, double-click on the event, select More Options and then Report as Spam. It will remove all events by that organizer from your calendar.
Meanwhile, Google is working on ways to prevent spammers from adding fraudulent events to your calendar. A company spokesperson told Vice that it would roll out new features over the coming months to let users identify and block spammers.