Like email phishing, cybercriminals may also send fake calendar invites that appear on your Gmail Calendar. These “events” often include links or meeting invites designed to trick you into giving away personal information or clicking on malicious links.

How to spot phishing calendar events:

• Unexpected invites: You receive a calendar event from someone you don’t know or weren’t expecting.
• Suspicious links or attachments: The event description includes links, QR codes, or files urging you to click, download, or “verify” something.
• Urgent or too-good-to-be-true messages: The event title or details use scare tactics (“If you did not authorize this transaction, contact us immediately”) or promises (“You’ve Won a Prize!”) to get your attention.

What to do if you suspect calendar phishing:

• Don’t click links or open attachments in suspicious calendar events.
• Instead of deleting the message, report the event as spam. If you delete the invitation, it will send an update to the malicious sender, which confirms your account is real and could cause you to receive more spam.
• You can also check the active phishing alerts website and contact the IT Help Desk if you believe an event or email that you have received is phishing.

We appreciate your alertness, which helps protect your account and our organization from cyber threats. If you have questions or need assistance, please contact the IT Help Desk.