Twelve years ago, Google introduced a feature to Google Calendar that permitted users to share their calendars with others.
It’s a good feature and very useful in a corporate environment because it gives teams an easy way to act as a team.
Moreover, Google itself promoted the “make it public” feature of their Calendar as a cool method to leverage their search engine for discovering upcoming events.
Unfortunately, as with most obsessions, there’s likely a downside. Recently, a security researcher named Avinash Jain found out more than 8,000 publicly accessible Google Calendars, searchable via Google’s search engine.
Many of these calendars include sensitive information. But worse, of all, they allowed any user to add new events that can cause real damage to the system hosting the Calendar.
This is done via maliciously created events or links.
As per reports of Avinash Jain;
He acclaims -that was able to access public calendars of different organizations revealing out sensitive details like their;
- email IDs
- event name
- event details
- location
- meeting links
- zoom meeting links
- Google hangout link and much, much more
This is more of a planned setting by the users and the behavior of the service. The noteworthy point, however, is that anyone can view anyone’s public Calendar and also add items to it, simply through a single search query, without needing the calendar link to be shared.
Jain further adds that several calendars belonging to many of the top 500 Alexa company’s employees were made public, which is definitely a cause for concern.
For a while now, Google Calendar users have been helpless to a rather malicious type of spam that seems to have achieved momentum lately.
This is how it operates: A spammer forwards an email containing an event invitation to your Google Calendar. This can occur even if the email ends up in your spam folder. The Calendar automatically places the appointment on your Calendar, regardless of the spam link or any other fraudulent content present in the appointment’s body.
You can set up your Calendar in a way that prevents spam from entering and eliminates any crossed-out appointments you currently have.
Firstly, prevent Google Calendar from automatically adding any request or invitation that may be sent to you. To do this, follow these steps:
- To initiate the process, hover your mouse over the gear icon positioned in the upper right corner of the page, and then select “Settings” within your web Calendar app.
- In the left-hand menu listings, click on “Event settings.”
- Look for the setting that says “Automatically adds invitations” and click on it to open a drop-down menu with three options.
Secondly, ensure that events sent to you in Gmail don’t end up on your Calendar. To accomplish this:
- Choose the option that reads “No, only show invitations to which I have responded.”
- On the left-hand menu, find and click on “Events from Gmail.”
-
Uncheck the option that says “Automatically add events from Gmail to my Calendar.
You’ll receive a warning that-You will now not able to see events automatically added from your email. Formerly added events from Gmail will be removed- Click okay.
In conclusion, if you have come across spam invitations or requests that you declined and are weary of observing the crossed-out entries, you can take individual steps to handle this matter. You can mark them as spam or remove the entries using the methods outlined below:
- Click over View options on the left-hand menu
- Make sure to uncheck the option for “Show rejected events.”
- Unluckily, that may not affect how you see rejected events on your phone. To ensure that declined events won’t display up there either:
- Select the three similar lines on the top left of Calendar to pull out the side menu
- Scroll down, and select Settings.
- Select General
- Search for “Show declined events” and make sure to toggle it off.
- This most recent result adds to the line-up already warning of the threats of sharing calendars.
- Just a couple of months ago, researchers from Kaspersky Lab found out scammers abusing Google Calendar in different ways. For example, there were phishing scams that included malicious links masked as Google calendar event links.
- Remain vigilant, ensuring all staff review Google Calendar security settings to prevent unintended information exposure.
- To avoid scammers, reach out to our ITS Guru team at 281-789-0059 for assistance in staying protected from such situations.