Beware of iPhone Calendar Spam Attacks
iPhone calendar attacks are on the rise. If your iOS device's calendar is filled with events that look like this:
You're probably a victim of this widespread attack. The good news is that removing the spam events is an easy process, and you likely aren't comprised unless you clicked the link in the events and signed up for their malware "security" application
This attack isn't a virus but rather a socially engineered spam campaign, and it's been around since 2016. It usually comes from a scam website that often compromises another site. Different versions of this include a fake captcha or other links that open a "Subscribe to Calendar" prompt on your phone.
Clicking “OK” to add the calendar subscription results in all the events in the spam calendar being added to your device’s Calendar app. This often occurs in the Safari browser, and there are variations of this that happen on macOS and Windows devices.
In fact, it's so prevalent that Apple made a video describing how to remove the calendars: https://www.youtube.com/watch?v=FgKO3Ed9-Bs
The easiest way to remove the calendars is to go to your Settings app, and click on Calendar, and then on Accounts. Delete any calendar on that page that you don't recognize. The spam calendars usually have a name you won't recognize or are just a series of letters/numbers. Some may even be a blank name, created by a bunch of spaces.
You can also double-check in your Calendars app under “Calendars.” This page will show all the different calendars located on your iPhone, which people typically color coordinate or name by different calendar functions—personal, job, events, appointments, etc. If the spam link prompted you to add a calendar subscription, the spam calendar will most likely appear under the “subscribed” section on your calendars page.
Furthermore, the spam events typically have alerts set up, causing notifications to appear in your Notification Center. Do not tap these notifications as they will take you into the spam Calendar, which will display a scam message trying to get you to open a link.
The spam calendar events are usually trying to bait you by warning you that your data has been compromised or that some other alarming event has occurred on your device. Make sure you don't click on any of the links or purchase anything the spam redirects you to. If you need any help or want to confirm that your device isn't further compromised, sign up for Achilleion, and we'll help fix your device right away.
In order to prevent this issue going forward, you can remain aware and keep a keen eye out for strange and unusual messages in Safari on your iPhone. Don’t believe these prompts, and don’t do what the messages instruct you to do. Don’t click any buttons consenting to whatever the site is asking, such as“OK,” “Allow,” or “Install.”
If you can close the tab or safely navigate to another page in the browser, do so as soon as possible. If an alert is preventing you from doing that, click “Cancel.” If that’s not an option and the alert is preventing you from taking any other actions until you tap a confirmation button, then restart your iPhone.