Google Works to Eliminate Spam Invites for More Than 1 Billion Users

Google is working to keep unwanted and malicious content from its users.

• By Sherelle Black
• Sep 11, 2019

A simple Google Calendar request from a person to have lunch with you can lead to a host of security issues.

According to Forbes, the Google Calendar app puts 1.5 billion Gmail users at risk as hackers can include a malicious link attached to a calendar invite.

If an user clicks on the link, it could prompt them to fake site that will ask them for their bank account or credit card details.

For example, when clicking on the invitation, a description of the event would note that an important piece of information, such as the user’s PIN number or bank account number, was missing. Once the user inputs the number it would then be sent back to the scammer.

Google says they are aware of the problem and are working to resolve it.

A Google employee wrote this on a post on the Calendar help page, “ "We're aware of the spam occurring in Calendar and are working diligently to resolve this issue. We'll post updates to this thread as they become available. Learn how to report and remove spam. Thank you for your patience." 

 

A Google Cloud spokesperson said the Calendar support post was not confirmation of a new security vulnerability in Gmail or Calendar.

 

"Spam calendar invitations can include both unwanted and malicious content that deceive users, similar to spam email. We are not aware of any security bugs due to the software itself.  As such, it would be misleading to characterize this as a technical security vulnerability," the spokesperson said. 

Forbes reported users can take steps to prevent this from happening by changing their calendar settings from “automatically add invitations” to “no, only show invitations to which I have responded.”

 

Updated Sept. 11: This article has been updated to include a statement from Google.