Spam is annoying enough when it gets through filters and clutters up your inbox. But the unwanted, unsolicited junk email is now finding its way into some users' calendars, too.
Spammers are now crafting new types of email messages that exploit a feature in Google's email and calendar integration. The feature automatically adds meeting invites to your calendar. The meeting appears as an outline, until you accept it. But it is still added and displayed in your calendar.
Clicking on the event description reveals the spam message, which often contains malicious links. The spammers hope users click through to a website that confirms your account is active, where you will subsequently start receiving more unsolicited emails. A worse case scenario could land you on a website that tries to trick you into giving up personal information.
In a recent interview, a Google spokesperson told ZDNet their terms of service prohibit people from using their services to spread malicious content. They also said they offer warnings of known malicious URLs to those who use their Chrome web browser.
"We remain deeply committed to protecting all of our users from spam," the spokesperson said. "We scan content on Photos for spam and provide users the ability to report spam in Calendar, Forms, Google Drive and Google Photos, as well as block spammers from contacting them on Hangouts."
The good news for Google Calendar users is that a simple option can help stop the spam, but still keep most of the functionality. Here's how you can change them in three simple steps.
Changing this setting will still add a meeting to your calendar, but only after you accept the meeting invitation. For Gmail users, this can be performed from the subject line without having to open the email.
While Google Calendar spam is growing, spamming meeting invitations in online calendars is not new. Spammers were able to exploit a similar Apple feature in 2016. Like the Google Calendar spam, a simple iCloud setting change is all that is needed to remedy the loophole.
Hackers and spammers are constantly evolving as they attempt to exploit features and apps people use on a daily basis. When it comes to apps and services, free doesn't always mean free.