Support NeoGAF

[XiaNaphryz]

https://techcrunch.com/2016/11/28/its-not-just-you-icloud-calendar-spam-is-on-the-rise/

If you’re using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday “deals” coming from Chinese users. If you’re looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering: why is this a thing?

If you use your calendar for work, you already rely on calendar invites to invite other people to meetings and events. All major calendar backends support this feature — Google Calendar, Microsoft Exchange and Apple’s iCloud.

And it’s quite a convenient feature as you only need to enter an email address to send these invitations. You don’t need to be in the same company or even in your recipient’s address book.

But it’s also yet another inbox — and like every inbox out there, it can get abused. How many times did you think that somebody was a tad too aggressive by pushing an invite to your professional calendar before you even agreed to a meeting in the first place?

In the worst case, you can even get spammed by random people who just want to find a way to send you a message. Even if 99.9 percent of people will find this annoying, 0.1 percent is already a good conversion rate when you massively spam millions of people.

Apple can’t see the content of your calendar invites because your calendar data is encrypted on Apple’s servers. So the company can only use some basic limitations to prevent mass spam. And I’m sure these hard-coded rate limits exist.

Either there have been some issues on Apple’s side, or somebody found a way to bypass Apple’s own restrictions. My guess is that somebody found a way to automate calendar spam from many different accounts and IP addresses, making it much harder for Apple to detect it.

In addition to that, calendar spam started around Thursday, just in time for Thanksgiving in the U.S. Many Apple engineers were probably off for a few days, making it a good window to start spamming.

But the most worrying part is that spammers either found a huge database of iCloud email addresses or are using brute force to try all possible email addresses one by one. If you planned on keeping your iCloud email address secret, it might be out there.

Here’s what you should do to prevent iCloud calendar spam.

Option #1: If you don’t use iCloud for your calendar, open the Settings app on your iPhone and System Preferences on your Mac. Head over to iCloud settings and disable calendars to stop iCloud syncing and event invitations.

Option #2: If you want to quickly get rid of the spam, just decline the calendar invite. The good thing is that the event will just disappear from your calendar. If it’s still there, make sure you disabled “Show Declined Events” in your calendar app settings. The bad thing is that the spammer will receive a notification, proving that you viewed the notification, you use your calendar and your iCloud email address is valid.

Option #3: Create a new iCloud calendar, move your spam events to this new calendar and delete the calendar. Make sure you press “Delete and Don’t Notify” when you get a prompt. This way, the spammer won’t know that you saw the notification and that this iCloud email address is valid.

Option #4: Go to iCloud.com on your laptop and open the Calendar web app. Click on the gear icon and open Preferences. In the Advanced tab, you can choose to receive calendar invites as emails. The good thing is that your email client could catch the spam before it shows up in your inbox. And emails are less intrusive than calendar alerts anyway. The bad thing is that you won’t receive any push notification for new calendar events, even genuine ones.

 

[csquared587]

Ive been getting hit by this hard the last week.

 

[mmazurkiewicz]

i just started getting hit with this shit last week and googled a solution. hopefully it works but i'd also like for apple to fix it somehow.

 

[Narag]

I was wondering why the hell this was happening. Thanks for the heads up.

 

[Septimus Prime]

Thanks. I'll read this after my scheduled meeting with scamsrus.biz.

 

[Mortemis]

Just got a bunch earlier today. I've now turned off calendar sync. Thanks.

 

[Incendiary]

Yeah I just got a bunch of these over the weekend for Black Friday crap. Was wondering what it was. Thanks for this, the problem has now been fixed!

 

[riotous]

Interesting; I have iCloud calendar sync turned on but have never received spam invites.

However, I also don't really use the feature, it's just on.

 

[Dalek]

I'd like to meet the scammers who came up with this and beat the ever loving shit out of them. Is their mission in life to just annoy the piss out of everyone?

 

[Diddy Kong]

This bullshit was happening to me for the past few weeks. Finally got it to turn off a few days ago.

 

[Skellig Gra]

I get about 2 a day. Fuck this shit man.

 

[Fantastical]

Well, that explains that. Really shitty.

 

[bloodforge]

Get at least one of these a week. Apple needs to add an option to only show invites from contacts or something to help get rid of this issue.

 

[Savitar]

I got one a week ago, wasn't sure what it was about.

This explains that.

 

[dedhead54]

I wondered if it was just me. Good to know its not but this is shitty.

 

[freenudemacusers]

yeah i've gotten a few of these... and as mentioned, it sucks because declining just sends confirmation that your email address is free for the pillaging.

Get at least one of these a week. Apple needs to add an option to only show invites from contacts or something to help get rid of this issue.

yeah or just add a block list of some kind.

 

[nicoga3000]

At least 1 a day. Fuuuuuck this.

 

[Ninja Scooter]

I got some random appointment about a Black Friday coach purse sale. I thought neogaf user and resident purse expert Bionic77 had sent it to me.

 

[Pastry]

I've been getting a ton of this shit in the past two weeks ugh

 

[-Pyromaniac-]

They're prob working on a fix but it can't come soon enough. DON'T WANT YOUR RAY BANS.

 

[UrokeJoe]

They're prob working on a fix but it can't come soon enough. DON'T WANT YOUR RAY BANS.

Yeah Apple needs to get this fixed fast. Fuck your RAY Bans!!

 

[Oxn]

Good, and i thought it was just me.

I did option 1 this morning too, without ever even knowing this article.

 

[Pastry]

I just got one lol. Who falls for this shit anyways.

 

[Dalek]

I just got one lol. Who falls for this shit anyways.

This is what I'd like to know.

 

[Spiral Insanity]

It definitely is, annoying. Log in to the icloud website and set it up so that calendar invites arrive as emails, so you can mark as spam.

 

[Skellig Gra]

I just got one lol. Who falls for this shit anyways.

Cast a wide net you are bound to catch a couple

 

[Phreaker]

I got two for some Ray Ban shit and I couldn't figure out where the hell they came from, thanks OP!

 

[Owari]

Apple should just remove the uselsss feature all together. If an appointment is really important you should be able to put it in the calendar manually like a normal person.

Yet another sad attempt at failing to copy Android. If I wanted an android phone I wouldn't have an iPhone, Apple.

Also proves Apple still has no idea what they're doing on the web. 2017 in a few weeks and still no web based Apple music or iMessage app. And earlier a .docx refused to attach to my email when a PDF worked fine. A docx I had to copy and paste from the icloud.com Pages app because for some reason there isn't a email document button on there. Google docs and gmail would never have issues like this.

Like these problems seem like pretty easy fixes but they refuse to hire a competent web team, if the complete lack of iCloud.com updates are anything to go by.

Really frustrating being an iPhone owner as of late. iOS 10 is awful too. I'm actually considering a pixel 2 if they don't figure these issues out. I've owned iPhones since they existed but if Android is better (or just actually works) why would I stay?

 

[Garrett Hawke]

I've had this 3 or 4 times in the past week. Ray ban sales. Mess.

 

[Funkyhamster]

I got one of these a week ago and deleted it... good to know I'm not alone, I guess. I didn't realize that declining/deleting the invite lets the spammer know that my address is valid, but I haven't gotten anything since the first one, so hopefully the spammers will continue to ignore me.

 

[Hazmat]

Thanks to this thread I was late to an appointment to shop for sunglasses with my good friend "Two Chinese Characters That I Don't Know."

Seriously though, fuck this spam, I disabled the calendar updates this morning.

 

[Darryl M R]

China don't care.

 

[riotous]

Apple should just remove the uselsss feature all together. If an appointment is really important you should be able to put it in the calendar manually like a normal person.

Yet another sad attempt at failing to copy Android. If I wanted an android phone I wouldn't have an iPhone, Apple.

You create the event on your own calendar, then you add "attendees" generally by email. That's how all calendar software works. If I'm inviting someone to a party, it doesn't matter if I create that event in my Outlook, my Google Calendar, etc. I invite them by typing their e-mail into the "attendees" list and then they get it on their calendar depending on the software they use.

The real "problem" is that apple doesn't have good spam filtering. I can spam someone's google calendar or outlook calendar too, but chances are the very competent google/exchange/o365 whatever spam filter is going to throw it in the junk.

 

[VeryGooster]

I had no idea iCloud calendar spam was even thing.

 

[WhiteRabbitEXE]

In the last 2 days I've gotten this a few times. Never had it before. I don't even know how, I don't use any of that shit. My iCloud is strictly for backing up my phone and nothing else.

My Apple/iCloud account is setup using my Live/Outlook email. Is that what they're sending these through? Or is it my actual @icloud.com email address, that's part of the Apple account, which I've literally never used for anything and only have because I needed to create one for some random setting?

 

[Jill Sandwich]

Wait till you get the iCloud Photo Sharing spam which I got, that you can't do anything about except turn sharing off.

 

[BeardyChan]

As someone who has just got his first iPhone but has been an android only guy this kind of shit is not acceptable. It's rather annoying that Apple has gone this long without spam features of any sort. Not only that but what information are these spammers getting back from Apple? The influx of new spam on accounts I use on iOS has been so dramatic that I'm thinking of switching back to Android. But the damage is already done and I'm trying to mitigate it as best I can, but at the cost of features I want to use.

DL;DR: Apple get your shit together

 

[Appleman]

Apple should just remove the uselsss feature all together. If an appointment is really important you should be able to put it in the calendar manually like a normal person.

Anyone who works in an office using scheduling software knows this feature is a must.

Also proves Apple still has no idea what they're doing on the web. 2017 in a few weeks and still no web based Apple music or iMessage app. And earlier a .docx refused to attach to my email when a PDF worked fine. A docx I had to copy and paste from the icloud.com Pages app because for some reason there isn't a email document button on there. Google docs and gmail would never have issues like this.

There 100% is an email option from iCloud.com Pages:

 

[-griffy-]

It's not just the calendar getting hit with this shit, but photos and reminders too. There is a shocking lack of foresight, and options on the user side, on Apple's part.

That there is no simple option to block invites or limit it to contacts is absurd.

 

[Incitemaybe]

This has been happening to me this week :/

 

[Sanjaaaaaaaay]

Yeah its been making me think I'm working on some days due to dates being dotted.

I was staring at my phone wondering when and where I fucked up?

 

[Valkyr Junkie]

It's not just the calendar getting hit with this shit, but photos and reminders too. There is a shocking lack of foresight, and options on the user side, on Apple's part.

That there is no simple option to block invites or limit it to contacts is absurd.

Yeah I got hit with an iCloud photo invite before the calendar spam. I believe in the case of inviting someone to a shared iCloud photo album, you know the iCloud address is valid before even sending it.

 

[davepoobond]

Yeah I started getting them too and didn't know where they were coming from. Disabled the iCloud calendar sync.

 

[deadlast]

This what I did. There were a few calendars in my iCloud. I found the calendar the bs appointments were showing up on and deleted that calendar.

I used the web iCloud.

 

[btrboyev]

For my first one yesterday. What kind of bullshit is this anyway? Apple has been getting super sloppy with security.

 

[Uno Venova]

I've basically had to completely turn off notifications on Calendar, this sucks.

 

[Owari]

Anyone who works in an office using scheduling software knows this feature is a must.


There 100% is an email option from iCloud.com Pages:

In the settings tab? Shouldn't it be in a share tab? The UI on the web services doesn't match iOS at all. Also doesn't explain why I can't attatch a .docx.

My main point though was why the hell isnt there a music app? They want to compete with Spotify but can't really offer a real alternative without a web player. Would also let iTunes die the death it should have died years ago.

 

[The Albatross]

Just recently started getting some and thought "wtf... I don't remember saving this... I don't even use iCloud calendar..."

 

[gnexus]

Good to know it's not just me. I've started to get several last week, and I just got one today. I thought my iCloud address was compromised. Unfortunately, I declined the invite and I guess the bot saw that email was valid and started upping the general spam emailing frequency(I never received much spam on that particular account before).

 

[Quick]

Got this a few weeks ago. Basically every single day had an event in Chinese, and translating it reveals an invite for some gambling or something.

Anyway, I declined it, changed my Apple ID password. I forgot how simple it was to send out an invite.

Should've done option 3 though. D'oh.