Scam alert: Your digital calendar could be under attack by phishing scams
Your calendar is meant to keep you organised, not compromise your security. Here’s what you need to know about the latest phishing tactic targeting digital diaries.
Online criminals are now targeting one of the most trusted tools in daily life: your digital calendar. What was once a simple scheduling feature has become a new channel for phishing attacks, catching users off guard through automatically added meeting invites.
Many people rely on integrated services such as Outlook or Gmail, where calendar invitations sent via email are automatically inserted into their schedules. This convenience means users often do not manually accept invitations. However, that same feature is now being exploited to launch sophisticated cyberattacks
ALSO READ: How scammers are using AI to ‘clone’ your loved ones in minutes
What is the new calendar phishing threat?
Phishing traditionally involves messages that appear legitimate, often pretending to come from trusted institutions such as banks. These messages usually create urgency, warning that an account will be frozen unless immediate action is taken. They typically include a link to click or an attachment to open. In reality, these links and attachments contain malicious software designed to spy on users or steal login credentials.
According to My Broadband, criminals are now adapting this tactic by using digital calendars as the delivery mechanism. Security vendors have raised concerns about the growing frequency of these attacks.
How does the attack work?
The scam begins with an email that appears genuine, sometimes sent from a name such as “Microsoft Administrator”. The message contains a link or attachment and includes a calendar invitation.
Because many calendar systems automatically add events from emails, the invitation is inserted into the recipient’s calendar without any action on their part. At first, the user may not even notice that a new event has been scheduled.
Later, when a reminder notification appears for the meeting, curiosity may prompt the user to open the event. Finding little or no clear information about the meeting, the user may click on the link or attachment within the calendar entry to determine its purpose.
That single action can trigger the phishing attack, installing malicious software or exposing sensitive login information.
ALSO READ: South Africa hit by fake bank and police calls as criminals hijack caller IDs
Why are these attacks increasing?
Although calendar-based phishing attempts first appeared several years ago, they have become more widespread recently. This increase is partly due to attackers using artificial intelligence tools and the growing reliance on digital calendars in both professional and personal settings.
As people become more cautious about suspicious emails, criminals are shifting tactics to exploit less scrutinised platforms, including SMS messages, voice calls, WhatsApp and now calendar systems.
What should you do if you receive a suspicious invite?
If you receive an email containing an unexpected calendar invitation, do not click on any links or attachments. The safest action is to delete the email immediately.
If the event has already been added to your calendar, open the calendar entry, choose “Do not send a response”, and decline the invitation. Under no circumstances should you interact with links or attachments contained within the event.
It is also advisable to block the sender and report the incident to your organisation’s IT or security team.
How can you protect yourself going forward?
Users can reduce their risk by disabling the automatic addition of events in their email and calendar settings. Most major email clients provide instructions on how to adjust this feature.
Activating multi-factor authentication on email accounts adds an extra layer of protection. Services such as Microsoft and Google offer guidance on enabling this security measure.
If you have already clicked on a suspicious link or opened an attachment, disconnect the affected device from the internet immediately and contact your IT administrator. Avoid using the compromised device. Instead, use a different, unaffected device to change the passwords of critical accounts, including your email.
As reliance on digital calendars continues to grow, vigilance remains essential. Simple precautions, careful scrutiny of unexpected invitations, and strong account security can help prevent your schedule from becoming a gateway for cybercriminals.
HOW TO LISTEN TO EAST COAST RADIO
- Listen to East Coast Radio on the FM (frequency modulation) spectrum between 94 and 95 FM on your radio.
- Listen live to ECR by clicking here or download the ECR App (iOS/Android).
- Listen to East Coast Radio on the DStv audio bouquet, channel 836.
- Switch to the audio bouquet on your Openview decoder and browse to channel 606
- Listen to us on Amazon Alexa.
Follow us on social media:
Image courtesy of iStock