A widespread rise in phishing attacks using fake calendar invites is impacting users on Outlook, Gmail, and Apple devices, with events that resist deletion due to cross-device sync and attempt to lead victims to financial scams.
Attack Mechanics
These phishing calendar entries usually appear as warnings about upcoming payments, urgent meetings, or investment opportunities. They prompt users to call suspicious numbers or join video meetings, which can lead to tech support scams, requests for banking information, or the installation of remote access tools. The invitations arrive through email attachments or messaging app download links and can automatically add to calendars even from spam folders.
Removal Steps for Outlook
In Outlook, users should delete events without interacting with links or attachments, selecting “Do not send a response” to avoid confirming active email addresses. Block the sender by right-clicking the event and reporting it as junk. Disable automatic event addition from emails in settings and report invites to Microsoft as phishing. Verify any billing concerns only through official company channels.
Securing Gmail Calendars
For Gmail users, access Google Calendar settings via the gear icon. Under Event settings, change “Add invitations to my calendar” from “From everyone” to “Only if the sender is known” or “When I respond to the invitation email.” Uncheck “Show events automatically created by Gmail” to prevent unsolicited additions.
Apple Device Protections
On macOS, navigate to System Settings > Privacy & Security > Calendars to toggle access for apps and limit to event addition only if needed. For iPhone and iPad, go to Settings > Calendar > Accounts > Subscribed Calendars and delete unwanted accounts. Check for additional or subscribed calendars in both desktop and mobile apps to halt resynchronization.
