iPad and iPhone users are the target of a rather “unique” kind of spam / scam that targets them specifically: spam through the Apple-owned Calendar app.
iOS users can receive invitations through the app, which contain a malicious link. The nefarious part is that their device will draw their attention to this “scam” in two ways: first, the users will get a notification. Secondly, the users will see that annoying red circle on the app that indicates that they have (1) unopened event.
This type of spam only works for iOS users with an iCloud account. Although it’s possible to send “invitations” to the user if they are using another account and have them receive a notification this way, the “response” by the calendar app varies from simply adding the event to showing a notification. No other type of account will trigger the double whammy of a notification AND the red “You missed a thing” bubble on the app.
If you’re wondering how this works, it’s really simple. Like, disgustingly simple. All it takes is sending a calendar invitation to an iCloud user from another iCloud account – this could happen through an iPad, iPhone and possibly a Mac. There is no other way to trigger the double notification for the user -and in many cases the users said they “responded” to the invitation because they wanted to get rid of that (1) that haunted them forever.
Providing solutions and workarounds is our bread and butter, but here is where things get nasty. There is nothing you can do block these types of invitations. There is no feature or mechanic that blocks these unwanted invitations which means that scammers have free reign in trying to exploit this mechanic to alert / scare people into interacting with the links in their calendar spam links.
That’s right, people. Calendar spam is a thing now. If you want to see more about this topic, we made a pretty neat video about it that you can check out.
Categories: Cyber Security