Consumer Handbook: Scammers Are Putting Phony Invites On Victims' Email Calendars

Oct 9, 2019

Credit Christopher Ross/Flickr, License: https://creativecommons.org/licenses/by-sa/2.0/legalcode

First it was emails. Then it was text messages. Now, the latest phishing scam involves calendar invites. 

Here’s how the scam works. You use Outlook, Google Calendar, or a similar program to keep track of your schedule. One day, you check your schedule and you spot a strange event that you don’t remember accepting. It seems to be promoting a special discount or offer. The event body tells you to click a link to take a survey, find a nearby location, or something similar. 

Where did this calendar event even come from? Scammers are taking advantage of default calendar settings that automatically add any event to a user’s calendar, whether they have accepted it or not. They add a phishing link and a short description to entice targets to click. The link might point to a form that requests personal information or downloads malware to your device. 

Here’s how to avoid falling for calendar phishing scams. Never click on links or download attachments from unknown events. Just like emails, out-of-the blue calendar invites are often attempts to install malware on your computer and/or steal your personal information. 

Check your calendar settings and make sure to turn off any options that say “automatically add invitations” or something similar. You want your calendar set to give you the option of accepting or rejecting every invitation.