
Google calendar scam puts strange events into people's schedule to trick them into being attacked

Phantom invitations are secretly being planted by cyber criminals


Strange invitations are showing up in people's calendars as part of a dangerous scam, cyber security experts have warned.

The unwelcome events are actually ways of tricking people into cyber attacks that could see their data or money stolen.

Criminals are carrying out the exploit by inviting people to events through Google Calendar, which places the event into their schedule. The event then carries a link out to a URL, where a variety of different cyber threats might be lurking for anyone who clicks.

Many people are used to being suspicious of emails that they might receive from unknown senders and with strange links. But such messages placed inside their Google Calendar might appear more innocent, especially because it might not be immediately obvious where they have actually come from.

The invitations might appear with titles such as "You've received a cash reward," or "There's a money transfer in your name," according to Kaspersky Lab researchers who first reported their findings in Wired.

Anyone intrigued enough to click through will find that it is not true at all and that the invitations are really just ways of slipping in the questionable links.

Top Tips:

  1. It is possible to ban people from adding invitations to your Google Calendar, which stops the scammers getting through at all.
  2. Doing so is relatively simple. Open up the site on a PC, head to the settings and click on "event settings", where an option for "automatically add invitations" should show.
  3. Switching that to "No, only show invitations to which I've responded" will stop people being able to add you to unwelcome events. It is also worth turning off the "show declined events" option, which will mean that any you do turn down will disappear rather than hang around.
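
For anyone who wants to check an exported calendar (.ics file) for invitations of the kind described above, the following is an added example and not part of the original article: it flags events that carry a link from an organizer outside a list of known senders, or whose title matches the phrases quoted above. The function names, the `known_senders` allow-list and the sample data are assumptions made for illustration, and the parser is simplified (it handles line folding but not quoted parameters or escaped text).

```python
import re

# Constructed sample export: one invite shaped like the article's description, one ordinary event.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Rewards:mailto:promo@unknown.example\r\n"
    "SUMMARY:You've received a cash reward\r\n"
    "DESCRIPTION:Claim it here: https://claim.example/r?id=1 before\r\n"
    "  it expires\r\n"  # folded continuation line (RFC 5545)
    "END:VEVENT\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Alice:mailto:alice@corp.example\r\n"
    "SUMMARY:Team sync\r\n"
    "DESCRIPTION:Agenda at https://wiki.corp.example/sync\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)
# Phrases taken from the invitation titles quoted in the article.
LURE = re.compile(r"cash reward|money transfer", re.IGNORECASE)
URL = re.compile(r'https?://[^\s\\<>"]+')

def parse_events(ics_text):
    """Return one dict of property name -> value per VEVENT (simplified parser)."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)  # undo RFC 5545 line folding
    events, current = [], None
    for line in unfolded.splitlines():
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            current[name.split(";")[0].upper()] = value  # drop parameters such as CN=
    return events

def triage(ics_text, known_senders):
    """Flag events with links from organizers outside the allow-list, or lure-style titles."""
    findings = []
    for ev in parse_events(ics_text):
        organizer = re.sub(r"^mailto:", "", ev.get("ORGANIZER", "").lower())
        text = " ".join(ev.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION"))
        urls = URL.findall(text)
        reasons = []
        if urls and organizer not in known_senders:
            reasons.append("link from unknown organizer")
        if LURE.search(ev.get("SUMMARY", "")):
            reasons.append("lure-style title")
        if reasons:
            findings.append({"summary": ev.get("SUMMARY", ""), "organizer": organizer,
                             "urls": urls, "reasons": reasons})
    return findings
```

Calling `triage(SAMPLE_ICS, {"alice@corp.example"})` returns only the constructed "cash reward" invite, with its link and both reasons attached.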