First it was emails. Then it was text messages. Now the latest phishing scam involves calendar invitations.
According to the Better Business Bureau, scammers are infiltrating default calendar settings to plant phony events laced with phishing links on targets’ schedules.
How the calendar scam works
You use Outlook, Google Calendar or a similar program to keep track of your schedule. One day, you check your schedule and spot a strange event that you don’t remember accepting. It seems to be promoting a special discount or offer. The event text tells you to click a link to take a survey, find a nearby location, or something similar.
Where did this calendar event even come from? Scammers are taking advantage of default calendar settings that automatically add any event to users’ calendars, whether they have accepted it or not.
Scammers add a phishing link and a short description to entice targets to click. The link might point to a form that requests personal information or downloads malware to your device.
Don’t fall victim
To avoid being taken by such a scam:
• Never click links or download attachments from unknown events. Just like emails, out-of-the blue calendar invitations are often attempts to install malware on your computer and/or steal your personal information.
• Change your settings. Check your calendar settings and make sure to turn off any options that say “automatically add invitations” or something similar. You want your calendar set to give you the option of accepting or rejecting every invitation.
For more information on phishing scams, visit bbb.org/phishingscam. If you’ve been targeted by a scam, file a scam report at bbb.org/scamtracker.