This one uses your calendar to catch you out. And it’s effective because most people trust it without second guessing 😬
Security researchers are warning that a perfectly normal calendar feature is being exploited to deliver phishing links and scams, without the need to send suspicious emails.
Most calendar apps support external calendar subscriptions. This allows events to automatically appear in your calendar. Think public holidays, school terms, sporting events, industry events, or company schedules…
It can be quite convenient.
But it can unknowingly bring about a problem.
If the organisation providing that calendar closes or their domain expires, your subscription will continue unaffected.
And your calendar will continue to trust whatever is at that address.
If cyber criminals acquire an expired domain, they can send new events directly to people’s calendars.
Those events could now contain links to fake login pages, urgent notices, or malware downloads. And because it appears in your calendar it seems trustworthy.
Researchers have discovered hundreds of inactive calendar domains which are still sending events to users’ devices.
Conservatively they estimate at least four million devices are being affected. With the likelihood that the actual figure is much higher than that.
This threat is not due to a bug. The app itself isn’t broken. Criminals are exploiting exactly what it is designed to do: Trust subscribed calendars.
The risk is when subscriptions are neglected and left unchecked.
From a business perspective this can have substantial consequences.
People tend to trust their calendars. If something is in there, it feels official. And attackers are aware of that.
It’s not something fixed with technical changes, but through behaviour.
Every now and then you should ask:
- What calendars am I subscribed to?
- Do I still recognise and trust the source?
- Do I need this anymore?
Removing old unneeded subscriptions reduces risk without affecting how you work day-to-day.
👉 If something popped up in your calendar tomorrow, would you question it or assume it’s safe?
Leave a comment!