Calendar Invitation Scams


Reports show that in the most recent string of scams, fraudsters are sending their victims meeting invitations with malicious links. These scammers are spoofing Google products, such as Google Meet invitations, to make the content look legitimate (Knowles, 2025). When users click the fraudulent link, malware is downloaded to their personal device.

This scamming tactic effectively defrauds many victims because some invitations automatically save to a person’s calendar when they are sent (Clerk of the Circuit Court and Comptroller, 2019). Many people are primed to spot malicious links in texts and emails, but aren’t expecting phishing links in their calendar.  

Follow these tips below to prevent falling victim to these calendar invitation scams:

  • Adjust your Google calendar settings. Users should adjust their Google calendar settings so invitations are not automatically added to their calendar (Sjouwerman, 2024).

  • Activate “known senders” setting. Users can adjust their settings so they are alerted when they receive an email from someone who has not contacted them in the past (Slavin, 2025).

  • Review invitations before clicking on them. If you don’t recognize a sender or calendar invitation, don’t click the link. Like reviewing emails and text messages, review the content of an invitation to look for any misspellings or altered URLs. 

Works Cited

Clerk of the Circuit Court and Comptroller. (2019). Scammers Turning to Bogus Google Calendar Invitations to Defraud Consumers. Retrieved from Pinellas County Consumer Protection: https://www.mypinellasclerk.gov/Portals/0/Inspector%20General/IG%20Fraud%20Alert/2019/508_IGFraudAlertOctober2019.pdf?bcs-agent-scanner=28366be6-bbd5-764f-9684-272dc8dbab3b

Knowles, J. (2025, June 6). Scammers mimic Google invites with phishing links to deceive and defraud, cybersecurity experts warn. Retrieved from ABC 7 Chicago: https://abc7chicago.com/post/google-scam-gmail-calendar-meet-invites-phishing-links-used-deceive-defraud-cybersecurity-experts-warn/16679229/

Sjouwerman, S. (2024, September 3). Alert Your Users About Calendar Scams And What To Do About Them. Retrieved from KnowBe4: https://blog.knowbe4.com/alert-your-users-about-calendar-scams-and-what-to-do-about-them

Slavin, B. (2025, March 7). Threat actors are exploiting Google Calendars for phishing and spoofing attempts. Retrieved from DuoCircle: https://www.duocircle.com/phishing-protection/threat-actors-exploit-google-calendar-for-phishing-and-spoofing