You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Spam calendar events

Apparently there is a spate of events spamming the Apple calendar.


My husbands calendar is now chock full of them. They are all for the same thing - congratulations, click the Woolworths link to collect your new iPhone X.


I have looked at them, and can see no ability to delete or in anyway remove them from his calendar. Each ‘event’ carries the same link.


Before notifications send him local, can someone please tell me how to remove them?


tia.

iPad Air 3 WiFi, Cellular

Posted on Jul 22, 2020 3:26 AM

Reply
Question marked as Top-ranking reply

Posted on Jul 22, 2020 3:48 AM

Perhaps someone (or something), or even perhaps yourself, have added/subscribed an additional Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected reminders.


Let’s check for anything that’s out of place...

Settings > Passwords and Accounts


Look for an account that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When you find the suspect account, tap - then select Delete Account. This should resolve the problem in its entirety.


Next, you should consider installing a good content blocker - which will go a long way toward preventing recurrence. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.


Browser-based attacks can largely be mitigated by installing a good, trusted, Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.


When using a good content blocker product, a high proportion of otherwise inescapable risk when using your Safari browser, or linking to external sources from email, is effectively mitigated before it even reaches you. Exposure to unexpected Calendar subscription is also significantly reduced - as the exploit used to install this subscription is effectively mitigated.


I hope you find this information and guidance to helpful in both resolving the issue and avoiding recurrence.

Similar questions

7 replies
Question marked as Top-ranking reply

Jul 22, 2020 3:48 AM in response to DebiRose

Perhaps someone (or something), or even perhaps yourself, have added/subscribed an additional Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected reminders.


Let’s check for anything that’s out of place...

Settings > Passwords and Accounts


Look for an account that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When you find the suspect account, tap - then select Delete Account. This should resolve the problem in its entirety.


Next, you should consider installing a good content blocker - which will go a long way toward preventing recurrence. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.


Browser-based attacks can largely be mitigated by installing a good, trusted, Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.


When using a good content blocker product, a high proportion of otherwise inescapable risk when using your Safari browser, or linking to external sources from email, is effectively mitigated before it even reaches you. Exposure to unexpected Calendar subscription is also significantly reduced - as the exploit used to install this subscription is effectively mitigated.


I hope you find this information and guidance to helpful in both resolving the issue and avoiding recurrence.

Jul 22, 2020 5:36 PM in response to LotusPilot

Once more into the breach...


Thank you. Yes, there was indeed such an account there. That was the last place to expect such too and would explain why, some short time later, all events reappeared in his calendar.


I was at my wits end by this point.


Deleted, rebooted and downloaded 1Blocker. It is now looking after all of our iPads and iPhones. So a huge thank you for that tip.


As an indie author, I love supporting anything indie that’s good. Discovering that 1Blocker for Safari is indie was a bonus.


Thanks again.

Jul 23, 2020 3:47 AM in response to DebiRose

I’m delighted that we managed to identify and resolve the problem.


So good is iPadOS/iOS at protecting us from malware, Threat Actors have become very creative. As defences improve across many computing systems, a high proportion of threat now has to rely upon Social Engineering - tricking the user, one way or the other, into installing some kind of seemingly innocuous payload onto our devices - or in fooling us into exposing private or sensitive data that can be used to commit identity theft, fraud or otherwise attempt extortion or related activity.


As iOS sandboxing is so effective at protecting us from risk, one of the increasingly common methods of “infecting” our devices (I use this term in the loosest possible sense) is to create web-content, that when clicked, simply subscribes a Calendar to your system; this, of itself, is a completely valid/permitted system operation; as the “subscribing” action itself contains no malicious payload or direct exploit.


Once this calendar is subscribed (and automatically enabled), the Calendar events themselves effectively schedule appearance of unwanted “content” and notifications - often with embedded URLs that, when activated, present material that attempts further social engineering attacks from your browser. Likewise, legitimate actions can be triggered and automated within the security boundaries enforced by the OS. if other App Utilities are present on your device, these can also be triggered to aid automation of data exfiltration from your device.


As you have discovered, unless you know what to look for, the subscribed Calendar isn’t immediately obvious to many users - any more than the method by which it’s installation is triggered. Deletion of individual events isn’t possible, but once you know what to look for, recognition and removal of this exploit vector is relatively straightforward.


Use of the Content Blocker, such as 1Blocker, interferes with the initial delivery mechanism. Providing that the website (or embedded links) are included within the filter rule-set, the initial content/link is never exposed via your default (Safari) browser.


Insofar as social engineering works, content that you can neither see nor interact cannot “infect” the target system. By now, you’ll have discovered the multitude of 1Blocker blocking/filtering categories and rules, plus the flexibility of its configuration and whitelisting of sites.


Over time, you will discover some legitimate sites that require either whitelisting or refinement of the active ruleset, but you’ll soon discover how easy this is - often requiring just a few taps of a finger.


An additional defence, that costs you nothing, is to use a security-focussed Recursive DNS provider in place of your default DNS settings - the default DNS settings often being selected by your ISP. The Recursive DNS server settings can be configured on both your devices and/or WiFi Router.


Here are some recommended Recursive DNS providers:


Quad9 (recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9


OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001


Use of the above DNS services will help to shield you from “known bad” websites and URLs - andwhen used alongside a good Content Blocker provides defense in depth - extending defences to include all DNS resolved network traffic.


More advanced protection can be configured using other available utilities, such as DNS Cloak, which permits use of secure DNS protocols such as DNSSEC, DoH and DoT - but this topic is perhaps beyond the immediate scope of this discussion.


I hope this additional material also proves to helpful or of interest to you.




Spam calendar events

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.