Caution: E-mails with fake appointment invitations (May 2021)

SPAM e-mails with fake appointment invitations from unknown persons are piling up in mailboxes. Complaints about such fake invitations are rising. The scam is a clever way to steal and/or abuse recipients' data. After I received such an appointment invitation for the first time, I decided to write a blog post.


Below is an example of such a fictitious calendar appointment invitation, which immediately seemed suspicious. Neither the topic nor the inviter was known to me. The shortened link just smelled of something dubious.

[Screenshot: spam e-mail with a fake appointment invitation]

It seems that Outlook users in particular are affected (I use Thunderbird). After a short internet search I found this article and this article with similar warnings. The 2nd article claims that the fake calendar appointment scam accounts for 7% of all digital appointment invitations. In my freemail inboxes, these SPAM mails seem to accumulate, but are sorted out as SPAM. The senders may even be friends or colleagues whose accounts have been hacked. The whole thing seems to have taken on considerable proportions by now, as the consumer advice center of the German state of Bremen recently warned.

Consumer advice center warns of the scam

The latest e-mail spam comes across as harmless and unsuspicious: appointment invitations via the Microsoft e-mail program Outlook – in my case I received the SPAM mail in Thunderbird – but in the end the e-mail program doesn’t matter. E-mail spam, in the current case calendar spam, is so-called phishing with the aim of “fishing” sensitive data such as credit card information, dates of birth and addresses. This data is then either sold or used directly to empty accounts or buy goods in the name of the victim. Email addresses that are proven to be active are particularly coveted.

“In order to verify that an address is actively used, the spammers have come up with a particularly perfidious method: spam by appointment invitation,” explains Katja Nonnenkamp-Klüting from the Bremen consumer advice center. The method is not new; it has been around for several years. Recently, such spam invitations, and with them the complaints at the consumer advice center, have increased sharply.


How to recognize fraud

The consumer advice center has put together some tips to help users avoid falling for something like this. The first tip: “Be skeptical if you do not know the sender of the mail”. With a mouseover (hovering over the link with the mouse pointer), the target address of the link is displayed without having to click on the link itself. “This is often enough to detect a spam attempt,” explains Katja Nonnenkamp-Klüting. However, the tip does not help if a link shortener is used, as shown above.

If the recipients know the sender, the consumer advice center suggests simply calling the sender and asking whether the appointment invitation is genuine. Often email accounts are hacked and then spam is sent from there using the name of the hacked user.

Be careful when deleting the calendar spam message

The second tip for dealing with calendar spam safely is to delete not only the message from the inbox, but also the appointment in the calendar itself. Affected people should not click on “Decline invitation”, but delete it instead. When deleting, however, another trap looms, because the Outlook e-mail program automatically asks whether the recipient wants to reply to the organizer. Here it is important to select “No.” “Otherwise, the spammer receives the cancellation and thus has exactly the confirmation he was hoping for that this account is being actively used,” says Katja Nonnenkamp-Klüting.

In some cases, the appointment is already entered in the calendar. Then consumers must also be careful when deleting it not to inadvertently send a confirmation to the sender – i.e. the scammer, according to the consumer advice center.
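The checks described above (unknown organizer, a shortened link that defeats the mouseover, and an invitation that asks for a reply) can also be run on the attached .ics file before anything is clicked. The following is an added example, not part of the original post or the consumer advice center's tips; the shortener list, the function names and the sample invitation are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small, non-exhaustive set of link-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

def unfold(ics: str) -> list[str]:
    """Undo iCalendar line folding (continuation lines start with space/tab)."""
    lines = []
    for raw in ics.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def triage_invite(ics: str, known_senders: set[str]) -> list[str]:
    """Return a list of findings for one calendar invitation."""
    findings = []
    for line in unfold(ics):
        # Simplification: quoted parameter values containing ":" are not handled.
        head, _, value = line.partition(":")
        name, *params = head.upper().split(";")
        if name == "ORGANIZER":
            addr = value.lower().removeprefix("mailto:")
            if addr not in known_senders:
                findings.append(f"unknown organizer: {addr}")
        elif name == "ATTENDEE" and "RSVP=TRUE" in params:
            findings.append("reply requested: declining would notify the organizer")
        elif name in ("DESCRIPTION", "LOCATION", "URL"):
            for url in re.findall(r"https?://[^\s\\<>\"]+", value):
                host = (urlparse(url).hostname or "").lower()
                if host in SHORTENERS:
                    findings.append(f"shortened link hides target: {url}")
    return findings

# Constructed sample invitation (not taken from the mail shown in the post).
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "METHOD:REQUEST", "BEGIN:VEVENT",
    "ORGANIZER;CN=Unknown Person:mailto:sender@unknown.example",
    "ATTENDEE;RSVP=TRUE;PARTSTAT=NEEDS-ACTION:mailto:me@example.org",
    "SUMMARY:Your payment is pending",
    "DESCRIPTION:Please confirm here: https://bit.ly/",
    " EXAMPLE\\nThank you",
    "END:VEVENT", "END:VCALENDAR",
])

if __name__ == "__main__":
    print("\n".join(triage_invite(SAMPLE, {"colleague@example.org"})))
```

Any finding is a reason to delete the invitation without sending a response, as described above.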

Check your Outlook settings

The third tip to make the e-mail program Outlook more secure is to check the following setting in Outlook: Under File/Options/Email, there is a setting “Automatically process meeting requests and responses to meeting requests and polls.” The option is active by default, but this only means that a calendar entry is created automatically when an invitation is received; a reply is not sent. If you uncheck it, you don’t have to delete future spam appointments manually.

How to detect phishing

Phishing attempts are becoming more and more skillful. But there are some characteristics that help to recognize phishing:

  • The senders are unknown.
  • The texts are in English or contain spelling mistakes. Often the German umlauts ä, ö, ü are missing or Cyrillic characters appear.
  • Scammers build up time pressure such as, “Respond in the next ten minutes or your account will be closed.”
  • Banks and mobile phone providers do not ask for data or passwords from their customers.
  • Reputable providers do not send unannounced file attachments or ask their customers to click on a link.

Ask VirusTotal

I handled it differently with the above appointment phishing mail. I was immediately suspicious, so I uploaded the address to VirusTotal and got the following feedback. 

With that everything was clear and I have deleted the scam “appointment invitation”.
