For the last few weeks, some Apple iCloud users have been experiencing an dramatic increase in calendar invites to fake events, news items, and phony holiday discounts. But unlike email spam, simply declining the events may make things worse increasing the odds of getting more calendar spam invitations in the future.
Lately, spammers have increasingly turned to Apple’s Calendar service instead of sending advertisements and other promotional content through email, effectively bypassing potential email spam filters. As a result, it has created a surge of spam popping up and masquerading itself as Apple iCloud calendar invites. And so, because calendar invitations are mainly triggered either on your phone or Mac computer when someone using Apple’s calendar service adds a person’s email to an invite list then so as long as you are using Apple calendars and are connected or setup using iCloud you will receive a popup notification in your calendar from any person that would have your iCloud email address. And it looks like Apple, at the moment, does not have any method to determine if these invites are coming from legitimate senders (invitees) or not. So, whether spammers have a database of iCloud email addresses they are drawing upon, or they are just sending out these invites to random email addresses in hope that they will catch someone off guard, it is not known. What is known is whether you accept or decline this invite the spammer will then get notified that your email is active and connected to an iCloud account.
Unfortunately, there is no way to block or ignore spammers from sending you calendar invites at this time. There are a several work-arounds, though, that will make it possible for you to keep these spammers out of sight and out of mind until Apple comes up with a solution to this calendar spamming problem – and just for the record, Apple did acknowledge this calendar vulnerability. Users can either disable notifications on their device or configure calendar invites to redirect to their email inbox. To configure calendar invites to redirect to your inbox, users must sign in to iCloud.com on a Mac or PC, navigate to the Calendar web interface by clicking on the Calendar icon. Then in the bottom left corner, click on the small gear icon, select Preferences > Advanced, navigate to Invitations field and choose Receive event invitations as Email. This method will deactivate push notifications for all Calendar invitations, including legitimate requests. Alternatively, users can simply turn off Calendar notifications on their iOS device by navigating to Notifications > Calendar in the Settings app. The settings pane includes options for switching off notifications for incoming invites or all Calendar events.
Regardless of when Apple patches this vulnerability, if you did get caught up with calendar spam, chances are your iCloud email address is now listed in some spammers database as active. With that in mind, I would just ensure that your password for your iCloud account is strong enough that it can’t be guessed by other people or computers. Apple does offer a ‘Two-Step’ authentication process now that is less convenient when logging into iCloud but makes it more secure. For further information you can go to http://support.apple.com and in their search box type in iCloud security. From there you will find all the information you need to stay secure and updated.
Leave a Reply