It may well be the most wonderful time of the year, but scammers are jumping on your calendar for different reasons.
There doesn’t seem to be a shortage of times when scammers will go after your money. In fact, just the knowledge that you have money they want seems to lure the nefarious-type individuals out from hiding to take it from you.
Scammers have plenty of tactics they can employ, from email to social engineering on Facebook, but recently, there has been a spate of attacks going after your calendar.
These scams aren’t so much attacking your calendar per se, but they are using your calendar as a way to get you to click on a link. Through a combination of your inbox and your calendar, scammers are blocking out a whole bunch of dates with links inside, taking advantage of an exploit in Google Calendar to automatically add dates to a calendar, this time with a link inside.
You don’t have to look too far to see the link is dodgy, though that fact may not prevent people from clicking what is known as the Google Calendar Phishing Scam, yet is recognised as the Russian Calendar Scam.
It’s called that because of how the scams arrive, hitting your calendar with Eastern European characters, setting up the same date with a link for every day for the next two years or so.
Without doing anything, you’ll find the link has made its way into your calendar, appearing on your desktop, your wearable, and any other place your calendar is connected to.
We first picked up on this scam earlier in the year, but it might have been going much longer, with Sophos first picking up on the scam over a decade ago in 2008. That means it’s not new, even if you’ve only just received your first, and it means there’s a solution waiting for you to deal with it.
How do you beat the calendar scam?
You can’t technically stop scammers from sending you the dodgy calendar links in the first place, and if you switch off the functionality from Google that automatically adds events, it may affect everything else you use it for.
But what you can do is delete the events from your schedule, logging into Google Calendar’s online interface and removing the events that way.
If you’ve received a list of calendar events you don’t want, they’ll appear in a large list, possibly overlapped by other events you don’t want.
We’re not going to tell you to click into them, because we don’t want you clicking into what could possibly be a scam. However you’ll know which events are yours and which aren’t, and if they look a little too out of kilter for you, the appropriate act is probably to get rid of them.
To do so, right click on the event on your desktop and remove all the events from the series. Removing one will only get rid of the one, but calendar scammers will have added one every day for the next year or two, a result that is about as consistent as it gets.
Getting yourself removed from that event may end up temporary, because it only takes one more email skipping your inbox and landing in spam for a calendar list to be created, at least until Google works out how to combat it. For now, it’s an inconvenience, though it’s one you can fix on your calendar as and when you need to.