If you have an iCloud account then it’s likely you have been getting spam messages added directly to your calendar. When used for good, this feature is actually very useful as it allows you to setup appointments or meetings with anyone as long as you have their email address. This is not a feature unique to Apple either. Gmail and Microsoft Exchange also allow anyone, even if they are not in your address book, to send you a meeting request.
From reports online, this started around Thanksgiving and new invites have been ongoing since then. The spam invites have a subject similar to “Save 20% on UGGs” or “$19.99 Ray-ban & Oakley Sunglasses”.
That’s something new — spam via iCloud calendar invite pic.twitter.com/ML5eAsqoUv
— Yury Yurevich (@yurevich) November 18, 2016
Another part of they mystery is how the spammers have access to so many iCloud email addresses. There hasn’t been any word if this was a possible database breach or if they are just brute forcing email addresses.
Over at TechCrunch they have several different ways to mitigate this spam until a more permanent solution is found.
Option #1: If you don’t use iCloud for your calendar, open the Settings app on your iPhone and System Preferences on your Mac. Head over to iCloud settings and disable calendars to stop iCloud syncing and event invitations.
Option #2: If you want to quickly get rid of the spam, just decline the calendar invite. The good thing is that the event will just disappear from your calendar. If it’s still there, make sure you disabled “Show Declined Events” in your calendar app settings. The bad thing is that the spammer will receive a notification, proving that you viewed the notification, you use your calendar and your iCloud email address is valid.
Option #3: Create a new iCloud calendar, move your spam events to this new calendar and delete the calendar. Make sure you press “Delete and Don’t Notify” when you get a prompt. This way, the spammer won’t know that you saw the notification and that this iCloud email address is valid.
Option #4: Go to iCloud.com on your laptop and open the Calendar web app. Click on the gear icon and open Preferences. In the Advanced tab, you can choose to receive calendar invites as emails. The good thing is that your email client could catch the spam before it shows up in your inbox. And emails are less intrusive than calendar alerts anyway. The bad thing is that you won’t receive any push notification for new calendar events, even genuine ones.
We have reached out to Apple for how they plan to address this increase in spam as well as any technical details they may have. We will update this post when they get back to us.