Spam via Google Calendar?

Discussion in 'Windows Vista Help' started by Graham Harrison, Jul 22, 2013.

  1. I'm running Vista with Outlook 2007. This morning I got a new calendar
    alert. I've since completely deleted it so I can't remember the precise
    wording of the alert. I never opened the item either in Google Calendar or
    Outlook (they sync together) but I'm pretty sure it was one of those
    Nigerian letters. I should perhaps add that I not long ago started using
    the BT/Yahoo mail app on a Galaxy S2 and I've also accessed Google Calendar
    from the S2.

    Has anyone had any experience of a calendar piece of spam? Which of the
    various apps and programs is most likely to be where the spammer got in to
    my calendar?
     
    Graham Harrison, Jul 22, 2013
    #1
    1. Advertisements

  2. Graham Harrison

    VanguardLH Guest

    Graham Harrison wrote:

    > This morning I got a new calendar alert. ...
    > Has anyone had any experience of a calendar piece of spam? ...


    Did you yet log into your Google account to check if you chose to
    *share* your calendar? I don't use Google's Calendar but perhaps
    sharing means others can add events to it.
     
    VanguardLH, Jul 22, 2013
    #2
    1. Advertisements

  3. "VanguardLH" <> wrote in message
    news:ksignh$oue$...
    > Graham Harrison wrote:
    >
    >> This morning I got a new calendar alert. ...
    >> Has anyone had any experience of a calendar piece of spam? ...

    >
    > Did you yet log into your Google account to check if you chose to
    > *share* your calendar? I don't use Google's Calendar but perhaps
    > sharing means others can add events to it.


    I've just rechecked and NO, I don't share my calendar with anyone. What I
    do do is synch between Google Calendar their Android app and Outlook 2007.

    I'm not really worried about the fact that it happened. However aware I
    might be new things do happen. It's just that this is not something I've
    seen reported anywhere else so I was interested.
     
    Graham Harrison, Jul 22, 2013
    #3
  4. Graham Harrison

    VanguardLH Guest

    Graham Harrison wrote:

    > "VanguardLH" wrote ...
    >
    >> Graham Harrison wrote:
    >>
    >>> This morning I got a new calendar alert. ...
    >>> Has anyone had any experience of a calendar piece of spam? ...

    >>
    >> Did you yet log into your Google account to check if you chose to
    >> *share* your calendar? I don't use Google's Calendar but perhaps
    >> sharing means others can add events to it.

    >
    > I've just rechecked and NO, I don't share my calendar with anyone. What I
    > do do is synch between Google Calendar their Android app and Outlook 2007.
    >
    > I'm not really worried about the fact that it happened. However aware I
    > might be new things do happen. It's just that this is not something I've
    > seen reported anywhere else so I was interested.


    Since you didn't share your Google calendar (either public or with
    particular other users), and assuming it was spam as you claim (can't
    really tell since you never looked at it), then change your Google
    account's password. Also change the answers to the personal questions
    used by their "Forgot password" procedure since a hacker would already
    know those to get back into your account after you change the
    password.

    Without sharing the calendar or use of your Outlook profile, and if
    the event was not created by you, then someone else logged into your
    account to add the event. This time use a strong password. Make sure
    you don't use the same password at different sites. One site, a
    malicious or hacked one, might know your password there. If you use
    the same one everywhere then they can get into all your other
    accounts, too.

    Use a strong password and use a unique password for each account.
    Conversely, don't use weak passwords and don't share the same password
    across multiple accounts.
     
    VanguardLH, Jul 23, 2013
    #4
  5. "VanguardLH" <> wrote in message
    news:ksl3un$ucs$...
    > Graham Harrison wrote:
    >
    >> "VanguardLH" wrote ...
    >>
    >>> Graham Harrison wrote:
    >>>
    >>>> This morning I got a new calendar alert. ...
    >>>> Has anyone had any experience of a calendar piece of spam? ...
    >>>
    >>> Did you yet log into your Google account to check if you chose to
    >>> *share* your calendar? I don't use Google's Calendar but perhaps
    >>> sharing means others can add events to it.

    >>
    >> I've just rechecked and NO, I don't share my calendar with anyone. What
    >> I
    >> do do is synch between Google Calendar their Android app and Outlook
    >> 2007.
    >>
    >> I'm not really worried about the fact that it happened. However aware I
    >> might be new things do happen. It's just that this is not something
    >> I've
    >> seen reported anywhere else so I was interested.

    >
    > Since you didn't share your Google calendar (either public or with
    > particular other users), and assuming it was spam as you claim (can't
    > really tell since you never looked at it), then change your Google
    > account's password. Also change the answers to the personal questions
    > used by their "Forgot password" procedure since a hacker would already
    > know those to get back into your account after you change the
    > password.
    >
    > Without sharing the calendar or use of your Outlook profile, and if
    > the event was not created by you, then someone else logged into your
    > account to add the event. This time use a strong password. Make sure
    > you don't use the same password at different sites. One site, a
    > malicious or hacked one, might know your password there. If you use
    > the same one everywhere then they can get into all your other
    > accounts, too.
    >
    > Use a strong password and use a unique password for each account.
    > Conversely, don't use weak passwords and don't share the same password
    > across multiple accounts.


    I'm grateful for the advice but it doesn't answer the question.

    What I want to know is whether this is a known method of attack? It's not
    one I've experienced previously or even seen reference to and it doesn't
    seem to be something that the various anti spam/phishing/virus etc software
    takes account of.
     
    Graham Harrison, Jul 23, 2013
    #5
  6. Graham Harrison

    VanguardLH Guest

    Graham Harrison wrote:

    > I'm grateful for the advice but it doesn't answer the question.


    It does answer the question *if* your account was hacked. Since there
    is no audit records available to you showing when you or someone else
    logged in, from where (IP address), and what actions were committed,
    you won't know if your account got hacked until you start getting
    complaints about spam originating from your account (where the
    Received headers show it came from your account and not the From or
    Rely-To headers that can be anything specified by the sender -- and a
    LOT of e-mail users haven't a clue that From does NOT dictate who is
    the sender but what the sender wants to claim as themself).

    > What I want to know is whether this is a known method of attack?


    I addressed a possiblity on HOW it could happen. No, hasn't happened
    to me but then I use strong passwords, unique passwords for each site,
    and don't use family names, addresses, soc sec nums, or other info on
    my that can be looked up for the secret security answer for the Forgot
    Password process. Luckily my local security is strong enough that
    I've not been afflicted with keyloggers. And I don't share my Windows
    profile with other users.

    As to your question of whether someone else has encountered Google
    Calendar spam, well, gee, you already know how to Google, right?

    http://www.google.com/search?q=google calendar spam

    Hmm, looks like Google Calendar has a "feature" (flaw) in inviting
    "guests" (spammees) to an event. All they need is an e-mail address,
    and they have scripts to generate those along with sites to cull them
    and bots to harvest from Usenet.

    Is that your correct e-mail address that you weakly obfuscated in the
    From header of your posts here? You think spambots haven't already
    been coded to parse out "remove", "nospam", "noemail", and other
    common and weak phrases from e-mail strings? If your true e-mail
    address is edward<dot>harrison<one><at>btinternet<dot>com then the
    spambots already have your true e-mail address. The spammer can use
    their script to use your true e-mail address from their harvested hit
    list to invite you via an event they add to their calendar. Unless
    you disable it, you'll get invites from anyone in your calendar.

    In my Google search above, the first hit went to:

    http://www.labnol.org/internet/prevent-google-calendar-spam-inserting-new-events/2900/

    It tells you how to configure your Google Calendar to avoid these
    public invites from getting into your calendar. Now would be a good
    time to go through all the settings for all the Google services that
    you use to make sure they are configured how you want instead of using
    the defaults.

    If you don't protect your e-mail address then expect it to get abused.
    Start looking into doling out aliases (not just forwarding addresses)
    to each recipient that wants one or anywhere it might get published.
    Make sure to use a unique alias each time you dole one out. If the
    alias identifies to whom the alias was given or where you used it then
    when it gets spammed then you know exactly who or where it got abused.
    And aliases won't be tied to any Google account. While I use the free
    Spamgourmet service to let me create aliases on-the-fly (I don't have
    to login to dole them out), there are other aliasing services (e.g.,
    Sneakemail). Don't bother with SpamMotel as they are nearly dead, are
    slow, and don't maintain their service. Don't use a forwarding
    service that merely redirects e-mails to your true account. Why not?
    Because when you reply, you will be replying using your real account
    and then the other party will know your e-mail address.
     
    VanguardLH, Jul 23, 2013
    #6
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AlexW

    I can connect to google.ca but not google.com

    AlexW, Sep 8, 2006, in forum: Windows Vista Networking
    Replies:
    4
    Views:
    1,246
    George Geczy
    Sep 11, 2006
  2. Buck22

    Synchronizing Windows Vista Calendar w/Google Calendar

    Buck22, Apr 16, 2007, in forum: Windows Vista General Discussion
    Replies:
    1
    Views:
    458
    gpzbc
    May 9, 2007
  3. Fyvush Finkel

    SPAM SPAM SPAM

    Fyvush Finkel, Jul 4, 2007, in forum: Windows Vista General Discussion
    Replies:
    0
    Views:
    657
    Fyvush Finkel
    Jul 4, 2007
  4. JamesJ

    Spam, Spam and more Spam

    JamesJ, Jun 30, 2008, in forum: Windows Vista Mail
    Replies:
    18
    Views:
    928
    Gary VanderMolen
    Jul 13, 2008
  5. Thomas Fisher

    Preventing to auto-switch URL from google.com -> google.de

    Thomas Fisher, Oct 31, 2007, in forum: Internet Explorer
    Replies:
    1
    Views:
    1,161
    Don Varnau
    Oct 31, 2007
  6. owenroberts
    Replies:
    2
    Views:
    1,473
    wesley-nl
    May 3, 2009
  7. victek
    Replies:
    0
    Views:
    368
    victek
    Aug 3, 2008
  8. myankelovich

    Calendar and Google Calendar

    myankelovich, Jan 21, 2009, in forum: Windows Live Mail
    Replies:
    5
    Views:
    323
    ...winston
    Apr 14, 2009
Loading...