Protect your calendar from fake calendar invites
Just like email phishing, cybercriminals may also send fake calendar invites that appear on your Google calendar. These "events" often include links or meeting invites designed to trick you into giving away personal information or clicking on malicious links.
Proactively protect your Google calendar
Most Google Calendar default settings are set to automatically add invitations to your calendar from everyone. Change this setting to Only if sender is known:
- In your Google calendar, click the gear icon > Settings > Event settings
- Under "Add invitations to my calendar", choose "Only if the sender is known"
This option will only add an event to your calendar if the sender is in your contacts, part of the UMN, or someone you've interacted with.
How to spot phishing calendar events:
- Unexpected calendar invites from someone you don't know or weren't expecting.
- Suspicious links or attachments: the event description includes links, QR codes or files urging you to click, download or "verify" something.
- Urgent or too-good-to-be-true messages: the event title or details use scare tactics or promises to get your attention.
What to do if you suspect calendar phishing:
Report the event as spam. It must be sent from Google Calendar. When you report an event, the event is removed from your calendar:
- In Google Calendar, click the event you want to report
- At the top right, click More actions > Report as spam
- Don't click links or open attachments in suspicious calendar events.
- Don't click "decline" or "no". This just confirms to the spammer that your email address is active.
For more information about email scams, please see the UMN webpage Recognize and Report Email Scams.
Article by Karen Matthes, Extension Learning Technologies, klm@umn.edu
Comments
Post a Comment