First, it was emails. Then it was text messages. Now the latest phishing scam involves calendar invites. Scammers are taking advantage of default calendar settings to plant phony events laced with phishing links on targets’ schedules.
How the Scam Works
You use Outlook, Google Calendar, or a similar program to keep track of your schedule. One day, you check your schedule, and you spot a strange event that you don’t remember accepting. It seems to be promoting a special discount or offer. The event body tells you to click a link to take a survey, find a nearby location, or something similar.
Where did this calendar event even come from? Scammers are taking advantage of default calendar settings that automatically add any event to a user’s calendar, whether they have accepted it or not. Scammers add a phishing link and a short description to entice targets to click. The link might point to a form that requests personal information or downloads malware to your device.
Avoid Falling for Calendar Phishing Scams
- Never click on links or download attachments from unknown events. Just like emails, out-of-the-blue calendar invites are often attempts to install malware on your computer and/or steal your personal information.
- Change your settings: Check your calendar settings and make sure to turn off any options that say “automatically add invitations” or something similar. You want your calendar set to give you the option of accepting or rejecting every invitation.
For More Information
To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to https://www.bbb.org.