Skip to main content

Google Calendar invites are being abused for phishing scams, here’s how to stop it

Most people are used to seeing phishing scams pop up through emails, on the web, and in messages. However, scammers are still pretty clever in their methods to trick people. According to a new study, Google Calendar has recently been a target of abuse for phishing scams.

A study conducted by Kaspersky found that some scammers are using Google Calendar invitations as a method of delivering phishing scams to users. This is being done by taking advantage of Google Calendar’s ability to automatically pull events and invites over from your attached Gmail account.

Since Google Calendar is a trusted application, users are less likely to ignore these invitations and events, and often they’ll click on the link without much thought. In many cases of this “calendar phishing,” the embedded links redirected to a website that used a questionnaire that asked for credit card details and/or personal information to deliver prize money.

Kaspersky observed multiple, unsolicited pop-up calendar notifications appearing for Gmail users during May. This turned out to be a result of a blast of sophisticated spam emails sent by scammers. The emails exploited a common default feature for people using Gmail on their smartphone: the automatic addition and notification of calendar invitations.

The fraud occurs when the perpetrator sends an unsolicited calendar invitation carrying a link to a phishing URL. A pop-up notification of the invitation appears on the smartphone’s home screen, and the recipient is encouraged to click on the link.

Thankfully, it’s pretty easy to avoid such schemes from affecting your account. Google Calendar leaves automatic event creation on by default, but it can be turned off. From the desktop, head to Settings > Events from Gmail and uncheck the box for “Automatically add events from Gmail to my calendar.”

Notably, as ZDNet points out, Apple added a report function to its calendar app for this reason after seeing a similar problem back in 2016. It’s unclear how widespread or for how long scammers have been target Google’s service specifically.

More on Google Calendar:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel