Watch Out for Calendar Event Phishing

Like email phishing, cybercriminals may also send fake calendar invites that appear on your Gmail Calendar. These “events” often include links or meeting invites designed to trick you into giving away personal information or clicking on malicious links.

How to spot phishing calendar events:

• Unexpected invites: You receive a calendar event from someone you don’t know or weren’t expecting.
• Suspicious links or attachments: The event description includes links, QR codes, or files urging you to click, download, or “verify” something.
• Urgent or too-good-to-be-true messages: The event title or details use scare tactics (“If you did not authorize this transaction, contact us immediately”) or promises (“You’ve Won a Prize!”) to get your attention.

What to do if you suspect calendar phishing:

• Do not click links or open attachments in suspicious calendar events.
• Do not delete the event from your calendar! Instead, report the event as spam. If you delete the invitation, it will send an update to the malicious sender, confirming that your account is real and potentially leading to more spam.
• It’s safe to delete the email notification. It is a legitimate Google Calendar notification message, even though its contents may be malicious.
• Check the active phishing alerts website and contact the IT Help Desk if you believe an event or email that you have received is phishing. We appreciate your alertness, which helps protect your account and our organization from cyber threats.