The Google Workspace team announced today that it started rolling out a new method to block Google Calendar invitation spam, available to all customers, including legacy G Suite Basic and Business users.
“To help keep your Google Calendar free from spam, you can now select an option to display events on your calendar only if they come from a sender you know,” the Google Workspace team said today.
As we previously reported in 2019, Google has been working on solutions to block bad actors from spamming Google customers with malicious calendar invites.
Two years later, the company finally made it easy to block unwanted invitations by adding a new “Automatically add invitations” setting, allowing only those previously accepted via email instead of having all invitations automatically added to the default calendar.
Such unwanted calendar invitations are commonly used by threat actors in phishing and malicious campaigns targeting Google Calendar users.
To get an idea of how many targets such an attack could reach, the Google Calendar Android app alone has been downloaded more than 1 billion times, according to the app’s Google Play Store entry.
