Email addresses are verified by rejection - Outlook appointments as a trap. Currently, invitations to fake Outlook appointments are increasingly being sent out. Anyone who reacts to this - replies, accepts or rejects - falls into the trap of data collectors who use this method to check whether e-mail addresses are active.
There are currently more and more complaints about unwanted Outlook invitations to fake appointments. This is reported by the consumer advice center in Bremen. It is not necessarily obvious at first glance that it is spam. Often hacked e-mail accounts are used for sending and thus the appointment invitation can even come from one of your real contacts.
Acceptance or rejection as email address verification
The catch with the fake appointments is: those who accept or cancel the appointment have verified their email address with the data collector. Their goal is to find out in this way which e-mail addresses are active. They can then use these addresses for further attacks or attempts at abuse.
The solution is simple: delete the fake invitation and, if the appointment has been automatically added to your calendar, the appointment as well. Do not send a rejection under any circumstances! If you are not sure whether an appointment is real, pick up the phone and call the sender. Do not use the phone number from the suspicious message for this.
Check Outlook settings
To avoid automatically adding Outlook appointments to the calendar, you can check the following settings:
File> Options> Email, scroll down to the History section. There you will find the item "Automatically process meeting requests and responses to meeting requests and voting". Uncheck this setting. If you have also set automatic replies to meeting requests yourself, we recommend that you deactivate these as well.
Detect spam and phishing
Always look out for the following signs of attempted fraud in emails:
- You do not know the sender of the message.
- The message / appointment has nothing to do with you / your work.
- Check contained hyperlinks with the mouseover. To do this, place the mouse pointer on the link - without clicking it! You will now see the actual link address.
- Do not open any email attachments that you are not expecting.
- Time pressure is artificially built up, e.g. B. "Update your data within the next 24 hours, otherwise your account will be blocked."
- You will be asked to submit data or enter it into a web form.
Security awareness, i.e. raising awareness and training your employees, is precisely for such cases that is important for every company and every authority.
More at 8com.de
About 8com
The 8com Cyber Defense Center effectively protects the digital infrastructures of 8coms customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS) including certification according to current standards. Awareness measures, security training and incident response management round off the offer.