XiaNaphryz
LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
https://techcrunch.com/2016/11/28/its-not-just-you-icloud-calendar-spam-is-on-the-rise/
If youre using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday deals coming from Chinese users. If youre looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering: why is this a thing?
If you use your calendar for work, you already rely on calendar invites to invite other people to meetings and events. All major calendar backends support this feature Google Calendar, Microsoft Exchange and Apples iCloud.
And its quite a convenient feature as you only need to enter an email address to send these invitations. You dont need to be in the same company or even in your recipients address book.
But its also yet another inbox and like every inbox out there, it can get abused. How many times did you think that somebody was a tad too aggressive by pushing an invite to your professional calendar before you even agreed to a meeting in the first place?
In the worst case, you can even get spammed by random people who just want to find a way to send you a message. Even if 99.9 percent of people will find this annoying, 0.1 percent is already a good conversion rate when you massively spam millions of people.
Apple cant see the content of your calendar invites because your calendar data is encrypted on Apples servers. So the company can only use some basic limitations to prevent mass spam. And Im sure these hard-coded rate limits exist.
Either there have been some issues on Apples side, or somebody found a way to bypass Apples own restrictions. My guess is that somebody found a way to automate calendar spam from many different accounts and IP addresses, making it much harder for Apple to detect it.
In addition to that, calendar spam started around Thursday, just in time for Thanksgiving in the U.S. Many Apple engineers were probably off for a few days, making it a good window to start spamming.
But the most worrying part is that spammers either found a huge database of iCloud email addresses or are using brute force to try all possible email addresses one by one. If you planned on keeping your iCloud email address secret, it might be out there.
Heres what you should do to prevent iCloud calendar spam.
Option #1: If you dont use iCloud for your calendar, open the Settings app on your iPhone and System Preferences on your Mac. Head over to iCloud settings and disable calendars to stop iCloud syncing and event invitations.
Option #2: If you want to quickly get rid of the spam, just decline the calendar invite. The good thing is that the event will just disappear from your calendar. If its still there, make sure you disabled Show Declined Events in your calendar app settings. The bad thing is that the spammer will receive a notification, proving that you viewed the notification, you use your calendar and your iCloud email address is valid.
Option #3: Create a new iCloud calendar, move your spam events to this new calendar and delete the calendar. Make sure you press Delete and Dont Notify when you get a prompt. This way, the spammer wont know that you saw the notification and that this iCloud email address is valid.
Option #4: Go to iCloud.com on your laptop and open the Calendar web app. Click on the gear icon and open Preferences. In the Advanced tab, you can choose to receive calendar invites as emails. The good thing is that your email client could catch the spam before it shows up in your inbox. And emails are less intrusive than calendar alerts anyway. The bad thing is that you wont receive any push notification for new calendar events, even genuine ones.