A lot of people use a web-based calendar to track all of their comings and goings. It makes sense. A web-based calendar is a smart way to make sure you have access to your calendar no matter where you are. And one of the most popular calendars in use today is Google Calendar. But, I’ll bet you didn’t realize that Google Calendar can be a giant repository for spam.

Sure, you want things that you put in your calendar to actually be in your calendar. But, what about the things you don’t put in your calendar? For the most part, you don’t want them in your calendar. Especially if that thing is spam.

For a long time now, Google Calendar has had a major flaw. If someone sends an event request to your Gmail account, it automatically assumes you want to go and adds it to your calendar. It does so even if the event request is pure spam.

That’s right. Even if an event request is identified as spam by Gmail and gets sent to the spam folder, the event still ends up on your calendar by default. Until recently, the only known solution was to manually delete these events from the calendar. And since there is theoretically no limit to how much spam someone can send, there’s no limit to how many of these bogus events end up in the calendar.

Surprisingly, people generally like the idea of events they want to attend automatically being added to their calendars. They just don’t want the spammy ones added there by default. It seems like a reasonable request.

Thanks to Flowshare, there are three settings you can make in your Google Calendar to ensure spam doesn’t end up there. The first setting is to make sure you uncheck the Automatically add events from Gmail to my Calendar checkbox.


phishing definition


The second setting is to Choose the option to only show invitations to which I have responded.


phishing tips


The third setting is to uncheck the Show declined events checkbox.


phishing awareness tips


As little as Google does to protect you from calendar spam, it does even less to protect you from phishing emails. And the irony is, the number one threat vector today for Gmail is Google Calendar. “Security researchers working at Kaspersky [found that] users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications.

Google’s services are nice, and they’re free. Unfortunately, there have been instances where Google doesn’t natively protect Google users from phishing attacks that use Google services to deliver the attack. For that you’ll need something else.

If you use Google services and are worried about phishing attacks, you should look into protecting yourself with cloud-based phish protection technology that works with all email services, including Gmail. You should look into Phish Protection’s Advanced Threat Defense. It’s fast and affordable. Try it free for 30 days.