Worse Than Spam E-mail: Spam Calendar Invites or How Apple Sold My Apple ID to the Chinese

[Rafagon]

Today I received a invite from a person attempting to profit. And Apple allowed this sodding nonsense. It was from a Chinese seller, to boot. See below for screenshot.

That first recipient down there, with the pixelated middle name, that’s me. A bunch of other folks with e-mail addresses begin with “ra” were also victims of the vicious attack.

I don’t know why there isn’t an option in the Calendar app’s settings to block invites from unknown senders.

This has all the tell-tale signs of spam. Ray-Ban spelled with a lowercase B. Ray-Ban glasses for $19.99. Chinese sender. Multiple recipients all with similar e-mail addresses. Why did Apple allow this garbage to go through their servers and into my phone as a Calendar invite?

A friend gave me an Apple phone number (“Just Ask”) and suggested I report this. I definitely plan on doing so.

 

[Rafagon]

Ahhh, The New York Times to the rescue with some tips on how to fight this disgusting form of spam, while we wait for Apple to do something about it.

http://mobile.nytimes.com/2016/11/25/technology/personaltech/fighting-ios-calendar-spam.html

 

[RoofMonkey]

I got one VERY similar as well

 

[Rafagon]

I got one VERY similar as well

I tapped on Decline and later on in the day, after I read the NYT article, I learned that that wasn’t the best thing to do. Tapping on Decline lets them know that the e-mail address has not been abandoned by its owner and could make the spam worse:

Unlike those older forms of spam, which can be filtered, blocked or deleted, invitation spam usually offers Accept, Decline (or Maybe) as your options — all of which notify the spammer that your account is live and ready for more unsolicited offers.

I called Apple out on it on Twitter.

There’s another article on this issue over at 9to5Mac.

 

[Rafagon]

Apple followed up on my Tweet. That’s nice of them. But now they want specifics that I’d rather not give to a nameless face sitting behind a Twitter account. This is not a problem that is exclusive to me; I’m not the only one who was targeted. So why do they need my device serial number? Fix it at the OS level and leave me alone, Apple. I kindly sent them a link to the 9to5Mac article so that they can read all about it:

 

[Ledsteplin]

That request on Twitter is generic. If you look at the others, you see the same request for info so they can help. But many times it does seem silly. I haven't seen that in my Calendar. I'm wondering if there's a common denominator with those who get it. Something they do on Facebook, for example. Did you send feedback?
Feedback
http://www.apple.com/feedback/iphone.html

 

[Rafagon]

That request on Twitter is generic. If you look at the others, you see the same request for info so they can help. But many times it does seem silly. I haven't seen that in my Calendar. I'm wondering if there's a common denominator with those who get it. Something they do on Facebook, for example. Did you send feedback?
Feedback
http://www.apple.com/feedback/iphone.html

I will go ahead and send the feedback; I just don't want to initiate a lengthy intercourse. No "What's your phone's serial number" or "What's your favorite ice-cream flavor" or anything of the sort.

 

[Ledsteplin]

I will go ahead and send the feedback; I just don't want to initiate a lengthy intercourse. No "What's your phone's serial number" or "What's your favorite ice-cream flavor" or anything of the sort.

This seems to be a solution. It's normal for Apple to request the info you mention. It helps them check your phone for whatever issues. Not sure why you see Apple as crooks or something malicious.
https://astralbodi.es/2016/11/25/preventing-spam-icloud-calendar-invites/

 

[Rafagon]

This seems to be a solution. It's normal for Apple to request the info you mention. It helps them check your phone for whatever issues. Not sure why you see Apple as crooks or something malicious.
https://astralbodi.es/2016/11/25/preventing-spam-icloud-calendar-invites/

Not Apple in general. In this thread, specifically, I was referring to the Apple Twitter account. Whoever is behind it didn’t even identify him- or herself. When you start an online chat with AT&T, the first thing the rep does is tell you his or her name. I consider that to be proper practice when a company’s rep is assisting a customer.

The only proof I get that I’m speaking with a legitimate Apple employee is a little white checkmark beside the words “Apple Support.”

But in addition to that, last time I sent a bug report (through a different site, not feedback and not Twitter) they simply got on my nerves by requesting way too many details (see this post), so I decided I wouldn’t be using the bug reporting site, but rather, the feedback site, as Europa suggested. I don’t want a repeat of that, because it felt just like if I had been walking on the sidewalk minding my own business when an unmarked black van pulled up beside me, three guys got out and kidnapped me, took me to an Apple Black Site, and tortured and interrogated me for days on end.

To illustrate, it felt something like this:

 

[RoofMonkey]

it felt just like if I had been walking on the sidewalk minding my own business when an unmarked black van pulled up beside me, three guys got out and kidnapped me, took me to an Apple Black Site, and tortured and interrogated me for days on end.

If it was a JET Black van ( or Piano black as some say), it would be a safe bet they were Apple employees.

 

[RoofMonkey]

Seems Apple is aware of the issue:
Apple is aware of calendar spam issue and is working to fix it https://t.co/sYax9Mlua7 https://t.co/emEwY4YSkI

 

[Rafagon]

This would be so easy to fix if they just blocked any and all incoming calendar invites containing Chinese characters.

(Except in China, of course.)

 

[Ledsteplin]

Not Apple in general. In this thread, specifically, I was referring to the Apple Twitter account. Whoever is behind it didn’t even identify him- or herself. When you start an online chat with AT&T, the first thing the rep does is tell you his or her name. I consider that to be proper practice when a company’s rep is assisting a customer.

The only proof I get that I’m speaking with a legitimate Apple employee is a little white checkmark beside the words “Apple Support.”

View attachment 45132

But in addition to that, last time I sent a bug report (through a different site, not feedback and not Twitter) they simply got on my nerves by requesting way too many details (see this post), so I decided I wouldn’t be using the bug reporting site, but rather, the feedback site, as Europa suggested. I don’t want a repeat of that, because it felt just like if I had been walking on the sidewalk minding my own business when an unmarked black van pulled up beside me, three guys got out and kidnapped me, took me to an Apple Black Site, and tortured and interrogated me for days on end.

To illustrate, it felt something like this:

View attachment 45133

They may have identified themselves once in the DM. They have a ton of users asking questions on the Twitter format.

 

[Rafagon]

Apple has taken one small step towards addressing its annoying Calendar Spam issue by adding a “Report Junk” option to calendar invitations—but so far this is only available on icloud.com.

Of course, Apple has a responsibility to its customers to add this option to iOS and macOS—something a Reddit user claims has confirmed he was told would indeed happen “soon” by an Apple Support representative, according to the linked article.