


What a hack! This week we learned that spammers can add events to your Google Calendar without your permission. You will then receive a notification about an upcoming “meeting,” which is actually an unsolicited marketing message. Let me explain how it happened to me and what you can do to prevent it.

As I was at work on a recent Friday afternoon, I heard my cell phone chime to let me know I had a meeting starting in 10 minutes. However, it was 2:50pm and I had no recollection of a meeting scheduled for 3pm.

So I checked my Google Calendar and saw a meeting listed as “Reign Supreme ??” coming up. “Maybe this is a meeting I agreed to but forgot about,” I said to myself. The location was listed as “Austin, Texas,” thousands of miles away, but maybe they were talking to a company based there. The event was listed on my work calendar, which is part of Google's Workspace.


Then I opened the calendar entry to see who it was from, and the text read, “Hello. Do you want more clients or customers? We can help by getting you on page 1 of Google.” I receive unsolicited emails with this type of offer several times a week, but I always ignore or delete them. There is no way I would agree to meet with the person who offered this.

I then checked my Gmail inbox and couldn't find an email invitation from the person listed in the calendar invitation. I searched for the sender's name, email address, and even a snippet of text from the event description, but got no results. In the end, the invitation email turned out to be in the spam folder (messages marked as spam don't show up in search).


So it looks like spammers have discovered a nasty vulnerability. They sent emails with invitations to fake events (or perhaps to their own marketing calls, which I didn't attend) and included their marketing messages in the event descriptions. This is possible because, by default, Google adds events that appear in your Gmail messages to your calendar, regardless of whether you RSVP or not.

The spammer's message was sent to my spam folder, so I didn't see it or have the opportunity to decline the invitation. The message came just minutes before the meeting was scheduled, so I didn't realize it was on my calendar until I received a notification that the event was coming up.

Clearly, Google left a huge security hole in the Calendar/Gmail app. However, the default behavior also has advantages. I can't count the number of times I missed an email invitation to a meeting I needed, but it still showed up on my calendar and I remembered to attend. Unfortunately, Google can't seem to differentiate between spam invites and legitimate ones, and ends up putting all invites into your calendar, even if the email is spammy enough to end up in your spam folder.

The spam event appeared on my work calendar, which is part of my corporate Google Workspace account. However, the same issue may occur with your personal Google account as the default settings are the same.

This vulnerability has been around for years, but I only became aware of it a few days ago. So this is the only time I fell victim to this exploit, and the impact was very minimal, just a distracting notification and a few minutes of wasted time.

How to prevent spam in Google Calendar

If you want to prevent spammers from adding events to your Google Calendar, there are a few settings you can change. Depending on how your calendar is configured, you may have to actively click “yes” to the meetings you want to attend. However, you will not receive spam entries.

To disable automatic calendar addition:

1. Go to Google Calendar.

2. Click the gear icon and select Settings.


3. Under Event settings, change “Add invitations to my calendar” to “Only if the sender is known” or “When I respond to the invitation in email.” The default setting is “From everyone”, which adds invitations to your calendar.

If you choose to only allow known senders, the system will automatically add events only from senders in your contact list or people you have interacted with before. If you select “When I respond,” only invitations for which you click “Yes” will be added. I changed mine to “Sender is known” so that invitations from people within my company are still added automatically.


4. If you don't want Gmail to automatically add events to your calendar, clear the “Show events automatically created by Gmail” checkbox. Note that Gmail not only adds invitations to your calendar, but also other events, such as flight departures, when you receive your travel itinerary.

Having your flight departure time automatically added to your calendar can be very useful, but it can also be annoying. For example, my mom went on vacation and forwarded her itinerary to me, so even if I wasn't the one traveling, Google Calendar would let me know that my flight was about to leave.


If you change one or both of these settings, you should eliminate the possibility of spam in Google Calendar. But it's lame to have to do this.

Google needs to change its default settings to prevent events from unknown senders from being added to your calendar. And the company's tools need to be powerful enough to know that if an event invitation belongs in your spam folder, they shouldn't add that event to your calendar without your explicit consent.
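To audit a calendar for entries like the one described above, this added example (not code from the original article or from Google) scans an iCalendar (.ics) export and lists events whose organizer is not a known sender and that the calendar owner never answered. The sample data, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample export (not real data).
SAMPLE_ICS = """BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Weekly planning
ORGANIZER;CN=Colleague:mailto:colleague@example.com
ATTENDEE;PARTSTAT=ACCEPTED:mailto:me@example.com
END:VEVENT
BEGIN:VEVENT
SUMMARY:Reign Supreme
ORGANIZER;CN=Unknown Sender:mailto:sales@seo-offers.example.net
ATTENDEE;PARTSTAT=NEEDS-ACTION;CN=Me:mailto:
 me@example.com
END:VEVENT
END:VCALENDAR
"""

def parse_events(ics_text):
    """One dict per VEVENT. Simplified: no quoted parameters or nested VALARM."""
    # RFC 5545 unfolding: a line starting with space/tab continues the previous one.
    text = re.sub(r"\r?\n[ \t]", "", ics_text).replace("\r\n", "\n")
    events = []
    for block in re.findall(r"BEGIN:VEVENT\n(.*?)END:VEVENT", text, re.S):
        ev = {"summary": "", "organizer": "", "attendees": {}}
        for line in block.splitlines():
            head, _, value = line.partition(":")
            name, *params = head.upper().split(";")
            addr = value.lower().replace("mailto:", "", 1)
            if name == "SUMMARY":
                ev["summary"] = value
            elif name == "ORGANIZER":
                ev["organizer"] = addr
            elif name == "ATTENDEE":
                p = dict(x.split("=", 1) for x in params if "=" in x)
                # RFC 5545: PARTSTAT defaults to NEEDS-ACTION when absent.
                ev["attendees"][addr] = p.get("PARTSTAT", "NEEDS-ACTION")
        events.append(ev)
    return events

def flag_unsolicited(events, owner, known_senders, known_domains):
    """Summaries of events from an unknown organizer that owner never answered."""
    flagged = []
    for ev in events:
        org = ev["organizer"]
        known = (not org or org == owner or org in known_senders
                 or org.rpartition("@")[2] in known_domains)
        if not known and ev["attendees"].get(owner, "NEEDS-ACTION") == "NEEDS-ACTION":
            flagged.append(ev["summary"])
    return flagged
```

Calling `flag_unsolicited(parse_events(SAMPLE_ICS), "me@example.com", set(), {"example.com"})` lists only the unanswered invitation from the unknown sender.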

