Calendar Invite Spam
Trend Micro has a blog entry on calendar invite spam. I've been seeing that as well.
My biggest problem is reporting the spam. How do you get headers out of a meeting invite in Outlook? If I open the msg file the user forwarded, the headers are hidden by outlook. If I look in notepad, the text is encoded. Perhaps another mail client will be nicer.
In the examples I've seen the invite is from Google Calendar. Its another example of spam from a semi-trusted host.
Categories
Spam0 TrackBacks
Listed below are links to blogs that reference this entry: Calendar Invite Spam.
TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/702
2 Comments
Leave a comment
Powered by Ajax Comments
First things first, the following url talks to changing google calendar preferences which prevents the events from being automatically added:
http://lifehacker.com/377925/keep-spammers-out-of-your-google-calendar
As far as displaying header info in Outlook, try changing your default view to TEXT instead of HTML. For general email security I recommend disabling the preview plane -- requires opening messages in their own window but at least you're less likely to open a 'bad' one by mistake. To prevent validating your email to spammers, you should disable automatic display of embedded images and (obviously) don't trust their 'remove me' links. Delete and move on.
Stopping the automatic addition of a tentative meeting when the e-mail is received would leave to mass chaos.
MeetingA sends out an invite for Monday at 1pm. I haven't accepted yet so its not on my calendar. MeetingB looks at my free/busy info and decides monday at 1pm is a great time for a meeting since I'm shown as free at that time. The automatic addition of tentative meetings exists for a reason and its very useful in my opinion.