Twelve years ago, Google introduced a feature to Google Calendar that permitted users to share their calendars with others.
It’s a good feature and very useful in a corporate environment because it gives teams an easy way to act as a team.
Google itself even advertised the “make it pubic” feature of their Calendar as being a cool way to use their search engine to find out upcoming events.
Unfortunately, as with most obsessions, there’s likely a downside. Recently, a security researcher named Avinash Jain found out more than 8,000 publicly accessible Google Calendars, searchable via Google’s search engine.
Many of these calendars include sensitive information. But worse, of all, they allowed any user to add new events that can cause real damage to the system hosting the Calendar.
This is done via maliciously created events or links.
As per reports of Avinash Jain;
He acclaims -that was able to access public calendars of different organizations revealing out sensitive details like their;
- email IDs
- event name
- event details
- location
- meeting links
- zoom meeting links
- Google hangout link and much, much more
This is more of a planned setting by the users and the behavior of the service. The significant subject, however, is that anybody can view anyone’s public Calendar, and also include anything on it – just by a solo search inquiry without being shared the calendar link.
Jain further adds that several calendars belonging to many of the top 500 Alexa company’s employees were made public, which is definitely a cause for concern.
For a while now, Google Calendar users have been helpless to a rather malicious type of spam that seems to have achieved momentum lately.
It works this way: An email containing an invite to an event is forwarded by a spammer to your Google Calendar (this can happen even an email that arrives in your spam folder, and the Calendar on its own puts the appointment into your Calendar — also though the body of the appointment includes a spam link or some other unauthentic content.
There is a method to set up your Calendar so that the spam doesn’t have a chance to enter in at all and to get rid of any crossed-out appointments that you already have.
It’s a three-step process.
- First, stop Google Calendar from by own adding any request/invitation that may be sent to you:
- Drag your mouse on the gear icon On the upper right corner of the page and select “Settings”- In your web Calendar app
- In the left-hand menu listings, click on “Event settings.”
Search for the setting that highlights -Automatically adds invitations- Click on it to get a drop-down menu with three choices.
- That reads-No, only show invitations to which I have responded.”
- Stop any events that are sent to you in Gmail from ending up on your Calendar:
- On the left-hand menu, click -Events from Gmail Uncheck Automatically add events from Gmail to my Calendar.
You’ll receive a warning that-You will now not able to see events automatically added from your email. Formerly added events from Gmail will be removed- Click okay.
As a final point, if you have had spam invitations or requests that you declined or rejected and are tired of looking at the crossed-out entries, you can mark them individually as spam or get rid of the entries employing the below-mentioned methods:
- Click over View options on the left-hand menu
- Ensuring -it Show rejected events are unchecked
- Unluckily, that may not affect how you see rejected events on your phone. To ensure that declined events won’t display up there either:
- Select the three similar lines on the top left of Calendar to pull out the side menu
- Scroll down, and select Settings.
- Select General
- Look for Show declined events and ensure it is toggled off.
This most recent result adds to the line-up already warning of the threats of sharing calendars.
Just a couple of months ago, researchers from Kaspersky Lab found out scammers abusing Google Calendar in different ways. For example, there were phishing scams that included malicious links masked as Google calendar event links.
Stay alert, and be sure you have all staff check their Google Calendar security settings, so you’re not revealing more than you planned to.
Well, if you want to stay away from such scammers we the ITS Guru team can help you stay away from such ironies. Call us right away- 281-789-0059.