Today in unexpected security news, cybersecurity experts are asking web users to keep a close eye on their calendar, as fraudsters are using fake Google Calendar events to lure innocent users into scams
Unwanted invitations are popping up in people’s Google Calendar to try and trick them into clicking links contained within, which will take them to a webpage where dangerous scams or malware await.
Related: Best VPN
How does this work? When you are invited to something in Google Calendar, it is automatically added to your calendar, which means that not only is it there in your Calendar, but it’ll also pop up automatically on both Android and iOS devices you have synced. Many users, understandably, will be confused. Click on a message inside your Google Calendar however and it could actually be a malicious destination, sending you into the internet badlands to contend with criminal plots.
Sound dramatic? It’s only slightly so, as it won’t be immediately obvious where the invitation came from. Spotting this one will require a bit of vigilance, difficult to muster when you’re confused as to why you’re being invited to an invite about receiving a cash reward, which should get your Spidey-Sense tingling, but also chatter about many other appointments which perhaps will not.
You have a few options to combat this. You can ban people from sending you Google Calendar invites, but if you regularly use a Google Calendar for work or socialising that might be a pain, especially if you’re the member of your friend group that never shows up to anything unless someone else sends you an invite to it to ensure you attend. I am that friend. Guilty.
Other options include booting Google Calendar on a desktop machine and selecting “event settings”, where you can turn off “automatically add invitations” to stop events showing up in your calendar until you accept the invitation.
Otherwise, as is the way with many of these, you can always just keep your eyes open and decline any invitations that seem like they were sent in error, or were sent by a source you don’t recognise.