 You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
A bit of a PSA/heads up ...
I noticed an email waiting in my outbox this morning, but I hadn't written any to that point. At first I thought I'd been pwned but a quick check showed nothing reported.
Then about ten minutes ago several calendar notification tabs appeared (I'm on a Mac, don't know what Windows does these days with such things). At this point I realised that a similar notification had come up just before I noticed the email.
On opening Calendar there were multiple such notifications repeating daily for at least a week on my linked google calendar listing. It seems that these are being randomly (I assume) sent and if you click the "Dismiss" option they are coded in such a way as to generate an email from you and send it on. Unfortunately for the spammers they'd entered details of an email server I'm not connected to so the first email had been sitting in my outbox waiting for me to add it.
What's the content of the calendar events and/or emails?
I don't know Mac stuff and not that familiar with Google Calendar, but is 'dismiss' actually doing a decline for a meeting invite? That sends an email on some calendar systems to send the decline.
@Drac - missed that one.
@deadkenny - the "event" was selling cheap/dodgy iPhones. Other than my personal stuff (plus the usual public holidays) I don't use Google calendar that much. As with most computer things these days a lot "just happens" in the background that you may not be aware of so Calendar (Mac and Google) could well send an automated email.
I just happened to spot it but looks a similar attack.
Never seen that use Google calendar at work and regularly otherwise...sounds like some sort of digital attack ...make sure your devices have no aggressive viruses..the likes of troshion horses or similar I mean someone troshioned horsed an xbox I owned and overcame security by spamming it with notifications while accessing the card details(admittedly they fixed that now...
Oddly, I've just now got one of these spam! Forget Mac etc (I don't have a Mac), it's spam direct into the Google account. Went direct to my Google calendar telling me I've won an iPhone. Noting my Google account isn't my primary account and my calendar on devices is via Outlook.
So Google have a hole in their security. I know they've tightened up their GMail API for developers to do audits on third party apps now, but I guess this is through some other hole.
Easy enough to get access to Google Calendar API (I have done work on this stuff), but it shouldn't give me access to spam a private calendar. Though anyone can send someone an invite to an event but I'd expect that to appear in the mailbox also and some calendar systems will put a tentative entry in the calendar).
That said, there's an option 'Automatically add events from Gmail to my calendar' so I've turned that off just in case.
@deadkenny - I followed the theverge link above and the "events" appeared on the web interface in Google Calendar so not directly related to my machine. Until I did that I wasn't sure if it was Mac related or not.
Got the same myself this morning. Telling me that my iPhone X was ready to collect. Now been on and changed the calendar settings so people can't add events anymore.
Bit of a sneaky new approach though
@Cougar - I don't have any Apple things. Still got the spam. As said, just straight into my Google account.
There should also be an option in Google Calendar settings to only show invites you've responded to, and Google are working on fixing the hole they created, supposedly.
Though it seems the various options to stop showing the spam just hides them but they're still there on the calendar until you delete them.
https://techcrunch.com/2019/09/03/google-calendar-spam/
https://support.google.com/calendar/thread/12248214?msgid=12896501