Skip to Main Content

One Billion Google Calendar Users Exposed to Fake Invite Scam

Google has said it is "working diligently" to fix a major flaw that allows hackers to hijack a person's Google Calendar through unwanted email invites. 

Google Calendar.jpg

The flaw allows cyber criminals to take advantage of a default setting that automatically adds invitations to a person’s Calendar when they are sent via email.

Unsolicited invites then appear as a notification through the Google Calendar app, which if clicked on can lead users to an official-looking page requesting personal and financial details.

The fake invite scam was first discovered by security researchers in 2017 but Google is only now addressing the issue.

Links within the event or notification will then take victims to a fake Google authentication page that captures their credentials.

Google included details of what people should do if they see a suspicious invitation or event in their inbox. It advises recipients to report the event as spam, which will remove all events from that organiser from the person’s calendar.


  • Don’t reply to event invites from your phone. Instead, follow the directions below to report the event as spam on your computer.
  • When you report one event, all events from that organizer will be removed from your calendar.

How to report an event:

  1. On your computer, open Google Calendar.
  2. Double click the event you’d like to report.
  3. At the top, click More Actions  Report as Spam. 

If you don't want to see events on your calendar that you haven't replied to, you can change your Google Calendar settings.

  1. On your computer, open Google Calendar.
  2. At the top right, click Settings menu   Settings.
  3. In the "General" tab, click Event settings  Automatically add invitations. 
  4. Select No, only show invitations to which I have responded.