Beware of Calendar Phishing Attacks

Welcome back to another episode of Cappuccino Chat. This time we're talking about a new fishing scam out there involving your calendar. All right, so this time on Cappuccino Chat, we're going to talk about a new fishing scam that's out there that's attacking our Microsoft 365 calendars. And this is kind of taking advantage of a feature I actually liked prior to this kind of attack going on. And this is where you'll get an email with a calendar invite and whether you accept it or reject it. Um it kind of tenatively sets it on your calendar so it shows up on your calendar for that date. That way something else doesn't get booked and those kinds of things, right? So we get a lot of email during the day. So a lot of times we've had some clients now contact us on this emails just get away from them and they don't see those emails there. Uh but all of a sudden this weird calendar invites there with sometimes attachments, links inside of it with instructions to do something for this meeting. Um so we need to be very careful with this. And what we found is if you just um find the email and hit decline, well now you've told the scammer that you're real and that you're active. So you you don't want to do that, right? So, don't hit the decline button to remove it from your calendar if you do see that email. Definitely don't hit hit accept, right? Don't open any attachments or links inside there. What you want to do is on the original email itself, don't delete it either because deleting the email we found actually still keeps the calendar meeting invite on your calendar. But if you permanently delete the email, then it will permanently remove the calendar invite as well and not notify um the person that sent it. So what you want to do is on that email, you want to hold down the shift key and then hit the delete key. And a little window is going to come up and says, "Hey, do you want to permanently delete this message?" You want to answer yes. Now, this is where it bypasses the trash can, the deleted items in your Outlook. So, this is another way if you don't want to clean out your deleted items all the time for junk mail, highlight all that junk mail in the morning, hit shift delete, and then it's not even going to show up in your deleted items. It's just gone and gone for good. So, but that's what you want to do on these types of attacks. So, if you find you got to find that email and then do a shift delete on it. If you've already deleted the email, uh then the best thing to do is just ignore the meeting invite. Just move on. Don't interact with it at all. Uh and then just be v vigilant if you get any more of those emails that you do just permanently delete them and then they will remove from your calendar. So, they're coming up with new ways to attack us. Again, like I said, I really like this feature before because sometimes when you get busy and you get an email in or you're working on something and somebody invites you and maybe you don't get back to your email for an hour or two, it's kind of nice that it blocked out um my calendar for me. So, nothing else got booked. I didn't try to book something. Somebody else didn't try to book something for me at that time. But now with this scam, it's kind of like ah it's a little bit of a catch 22, right? Do we do we like it? Do we not like it? So, is it a feature or is it a bug? Uh, I'm sure Microsoft's working on helping us with different ways to combat this kind of attack, but it's probably it's going to take a while. So, be vigilant. If you see these weird meeting requests, meeting on uh blockouts on your calendar, don't interact with them. Hopefully, you can find that email and do that shift delete trick and then get those deleted. As always, if you have any questions about this or anything else IT related, technology included, uh, cameras, video setups like what I'm using here, uh, anything that you might be, uh, needing some help with, please feel free to reach out to me at our office 760-770-5200.