Protect Yourself Against Calendar Spam

Over the last few weeks many people have been reporting unwanted Calendar invites, usually looking like junk email with a sales pitch and links. It is difficult to get rid of these invites without notifying the sender that you either declined or accepted it. But there is a method to quietly delete the invite. A better solution is to switch to email notifications of Calendar invites until Apple fixes the problem.
You can also watch this video at YouTube.
Watch more videos about related subjects: Calendar (34 videos), Security (130 videos).

Video Transcript

Let's take a in depth look at the problem many people are having with getting spam in their Calendar app. So it's very easy to invite anybody to anything in Calendar. 
For instance, let's create an event called Test and I can add invitees right here and I can type anything I want. Any email address to include them. I don't have to know them. I don't have to actually even know if it's a valid email address. I can just sent it and it will go out. If that's a real iCloud email address, even if it's not iCloud.com  because you can have an Apple ID that's any domain name, the person at the other end will get an invite. 
That makes it very easy to invite somebody without having to have everybody logged into the same system and having setup something in advance. But it also opens up the Calendar system to spam because somebody you don't know can send you a piece of spam as a Calendar event. I can have a link in it. It can have a sales pitch in it. All of that. So what people are getting are these.
So I'm actually going to send myself a piece of this spam from another account I've got just so you can see. On another Mac I have set up an event and have invited this Apple ID, a different one that's logged into the first Mac, to the event.  What's going to happen is I'm going to get the invite. It's going to appear here and it'll appear as an Alert that I can accept or close. Closing just dismisses it for now but it's still in the Calendar and I can see it here as an Alert that's come into the Calendar and I can see it in gray here as an event I have not yet accepted. 
Click here and I can Maybe which basically doesn't do anything. The event is still going to sit there. I can Decline it or Accept it. Now either way the problem is that whoever sent it to me is going to get a notification that the invite was accepted or invite was declined. This is what worries a lot of people. 
But it doesn't worry me so much because I've looked at a these and they seem to be pieces of spam. They want you to click on the link. Hitting Decline and getting rid of it will notify them that you're iCloud account is at that Apple ID but there's really not much harm in this. Especially if you're doing what you're supposed to do in using two factor authentication and a strong password. Then really just knowing that your Apple ID exists isn't going to put you in any danger. As a matter of fact they really do know your Apple ID already exists because they sent you this email. 
Chances are they're not sending to randomly generated iCloud email addresses, they're actually sending to a list. You're probably getting spam from other places. 
So declining I don't really see the harm in it because as long as you are using two factor authentication and a strong password, declining it isn't really going to hurt you in anyway. 
But, if you really wanted to get rid of this without them seeing that you Declined it, then the way to do it is this. 
You want to create a new Calendar, call it Junk or Temp or just leave it as untitled. Whatever you want. Take this and drag it to that Calendar. Now this is part of that new calendar and you can see its got one waiting request there.  I am then going to select this calendar, let's Control click on it, Delete it. The calendar will give you an option to Delete and Don't Notify. There you go. 
Everytime you get one of these you have to create a new calendar. You drag and drop the invitation to that new calendar. Then you Control click, Delete and say Don't Notify. Now there's no notification but you've gotten rid of that quietly.
I haven't been doing this because it's a lot of extra steps. I just hit Decline and I move on. But there's a better way to handle it so you don't even have to deal with these in Calendar at all. 
In Safari go to iCloud.com. So now you have access to all your stuff but in web based form rather than in the apps. But you can go into Calendar. In Calendar you'll see a little Settings button here at the bottom left. Click on that and then go to Preferences. Under Preferences go to Advanced. Here you can change the behavior of iCloud.com to instead of sending you event invitations as in app notifications, so you see them appear inside of the Calendar app, send them to you instead as emails. Emails are easily deleted without notifying anybody. You're probably used to deleting emails that you don't want or spam anyway by just simply hitting the Delete key. So it's a lot easier to get rid of them that way. 
So until Apple fixes this problem, and I have no doubt that they will come up with a good solution, you just switch over to this and then you'll get your invites as emails. Unless you get tons of invites from people this shouldn't  really be too much of an inconvenience for most of us. This is what I'm doing to combat this type of spam and what I recommend as well.

Update: You now have a “Report as Junk” button on Calendar invites if you look at the Calendar in iCloud.com. So if you get one of these, the best way to handle it now is to log on to iCloud.com in the browser, view the invite in the Calendar app there, and hit that link. It deletes it without notification and also tells Apple about it so they can track and perhaps block that IP address or block. I expect this same button/link to appear in the Calendar app in iOS and Mac at some point in the future.

Comments: 3 Comments

    Mike Connor
    9 years ago

    Another approach is to create a new calendar called Junk. Move the invite to the Junk calendar, then delete the Junk calander. Rinse and Repeat until Apple fixes the problem.

    Sue Burnett
    9 years ago

    I used a combination of Gary's and Mike's solutions: Mike's 'Junk' calendar solution worked perfectly as a one-off for the ones that had already come through (which can't otherwise be deleted). I then deleted the Junk calendar, and set up Gary's approach (in the video) to stop any new spam invitations — it's been successful! Thanks for sharing your tips — those spam invitations were a real nuisance :-)

    9 years ago

    Mike: I show exactly that in the video. Maybe you didn't watch the whole thing?

Comments are closed for this post.