Apple Says It’s Working to Fight iCloud Calendar Spam

2 minute read
| News

Apple is finally turning its attention to the growing threat of iCloud Calendar spam, the insidious issue that allows spammers to bypass the usual defenses by exploiting a design flaw in Apple’s cloud Calendar invitations. While not new, a surge in Calendar spam has hit users in recent weeks, prompting Apple to issue a statement by way of iMore‘s Rene Ritchie.

We are sorry that some of our users are receiving spam calendar invitations. We are actively working to address this issue by identifying and blocking suspicious senders and spam in the invites being sent.

The issue is not only the spam — comprised primarily of Asian retailers pushing counterfeit products — popping up unsolicited on users’ iDevices and Macs, it’s the risk of exposing recipients to further attacks by confirming the authenticity of their iCloud accounts.

tim cook spam

iCloud Calendar Spam & You

Here’s how it works: Apple’s cloud-based Calendar platform allows users to send Calendar invitations to anyone. The spammers exploit this ability to send their junk messages in the form of Calendar invites to every conceivable iCloud account email address. When a real user receives one of the junk invitations and acts on it — i.e., clicks “Decline,” “Accept,” or even “Maybe” — the spammer receives confirmation that the recipient’s account is real.

Eventually, the spammers can narrow down their computer-generated email lists to a potent database of verified accounts upon which a concentrated spam and phishing effort can be initiated. This is similar to how spammers refine their email databases, and it’s why many recommend disabling the Mail app’s ability to automatically load remote content in messages.

Putting the Spam Back in the Can

Thankfully, there’s a workaround — which we covered earlier this week — that can help you hide these spam Calendar invites without confirming your existence to the spammers. But this type of workaround is relatively clunky and isn’t a realistic long-term solution.

whack a mole

We don’t know exactly how Apple plans to tackle this issue, but we hope the company is employing a more robust strategy than simply deleting the spam accounts. Such an approach would represent an unwinnable game of whack-a-mole, and would be a disservice to the company’s users who currently have no real solution other than disabling their iCloud calendars.

Until Apple can provide more information, however, all users of iCloud Calendars, including those on Mac, iOS, and even users of third party apps that work with iCloud, such as Fantastical, should stay alert for these spam invites, and take the appropriate action if they receive any.

4
Leave a Reply

Please Login to comment
4 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
4 Comment authors
BurmaYankgeoduckLee Dronick Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
BurmaYank
Member
BurmaYank

Thanks, – now could you please find a way to block THIS: Presidents have the power to text all Americans. Will Trump? – “Donald Trump, US president-elect and Twitter aficionado, will be able to send unblockable mobile alerts* to all Americans starting Jan. 20.” by Joan E. Solsman, CNET-Mobile – December 1, 2016 ——————————— *(“President-elect Donald Trump will have access to a system that can send unblockable texts to every phone in the US once he takes the oath of office. Wireless Emergency Alerts are part of a program created by a 2006 act of Congress. WEAs can be targeted… Read more »

Member
Kishi23

A Decline and Don’t Notify option would be a good start…. Then a spam or junk button also would be helpful

geoduck
Member
geoduck

If we had a setting to ‘only display calendar invites from addresses in my contacts’ that would go a long way toward squashing this.

Lee Dronick
Member
Lee Dronick

And also please work on iCloud Mail spam, give us better filters.