A calendar invite scam is a fake event added to your calendar to trick you into clicking a bad link, calling a fake support number, or typing your password into a fake login page. If an invite looks urgent, strange, or unexpected, do not click inside it. Verify through the official app or website, report the event as spam or junk, and tighten calendar invitation settings.

You might see something like:

  • “Password expires today”
  • “Invoice processed”
  • “Suspicious login detected”
  • “Security alert: verify now”
  • “You have won a prize”

A weird calendar event does not automatically mean your phone, laptop, Gmail, Outlook, iCloud, or Apple account has been hacked. In many cases, scammers are abusing the way calendar apps handle invitations.

That is what makes these scams annoying. A fake event can feel more believable than a normal spam email because it appears next to your real meetings, birthdays, appointments, travel plans, and reminders.

This guide explains how Google Calendar phishing works, how to spot a fake calendar invite, what you should avoid clicking, how to report calendar spam, and what Outlook and Apple Calendar users should check too.

What is a calendar invite scam?

#

A calendar invite scam is a phishing attempt that uses calendar events instead of regular email messages.

Security teams sometimes call this “calishing,” which means calendar phishing. Scammers send fake invitations or get unwanted events added to your calendar automatically. The event looks official enough to make you curious, worried, or rushed.

A scam invite may arrive as:

  • A Google Calendar invitation
  • An Outlook or Microsoft 365 meeting request
  • An Apple Calendar or iCloud invite
  • An .ics calendar file attached to an email
  • A calendar event automatically created from a suspicious email

The goal is usually to make you act fast.

The event may claim your password is about to expire, your account has been locked, a payment has gone through, or a refund is waiting. Inside the event, there may be a link to a fake login page, a suspicious attachment, or a phone number for fake “support.”

Consumer protection agencies warn that phishing messages often pretend to come from trusted companies and ask for passwords, passcodes, payment details, or other sensitive information. Calendar spam uses the same tricks, just in a place where many people are not expecting a scam.

Quick checklist: how to spot a fake calendar invite

#

If an unexpected event appears on your calendar, use this checklist before you click anything.

A simple rule helps: if the invite is trying to scare you, rush you, or make you curious enough to click, stop first.

Real account problems can be checked by going directly to the official app or website. You do not need to use the link inside the calendar event.

What not to do with a suspicious calendar invitation

#

If an invite looks suspicious, avoid these common mistakes:

  • Do not click links in the event description.
  • Do not call phone numbers listed in the invite.
  • Do not download files from the invite.
  • Do not install apps or browser extensions from the invite.
  • Do not enter your email password, bank details, passcodes, or recovery codes.
  • Do not approve sign-in prompts you did not request.
  • Do not click Accept or Decline if the event looks fake and your calendar has a report option.

That last point is easy to miss.

Accepting or declining an invite may send a response back to the sender. In some situations, that can confirm your email address is active, which is useful information for scammers.

If your calendar app offers Report as spam, Report phishing, or Report Junk, use that instead.

How to report Google Calendar spam

#

Google allows suspicious Calendar invitations or events to be reported as spam. Google notes that the event must have been sent from Google Calendar for the spam report option to appear. Events created by third-party apps may not show the same option.

The desktop version is usually easiest to use.

Step 1: Open Google Calendar

#

Go to Google Calendar in a computer browser.

You can use your phone too, but reporting options are often easier to find on desktop.

Step 2: Click the suspicious event carefully

#

Click the event once to open the event card.

Be careful not to click any links, phone numbers, attachments, or buttons inside the event details.

Step 3: Open the three-dot menu

#

Look for the three-dot menu, usually called More actions, in the event window.

Step 4: Choose “Report as spam”

#

If you see Report as spam, select it and follow the prompt.

This should remove the event from your calendar and help Google detect abusive invitations. If the event is part of a recurring series, reporting it may remove the series too.

Step 5: Delete events that cannot be reported

#

If the event was not sent through Google Calendar, you may not see the spam report option.

In that case, delete the event without clicking anything inside it. If it is a recurring event, choose the option to remove all events in the series if your calendar gives you that choice.

Google Calendar settings that can reduce fake invites

#

Reporting one bad event helps, but changing your settings can stop more of them from showing up in the first place.

On a computer:

  1. Open Google Calendar.
  2. Click the gear icon.
  3. Choose Settings.
  4. Go to Event settings.
  5. Find Add invitations to my calendar.
  6. Choose a stricter option, such as Only if the sender is known, if it is available.

This setting helps stop unknown senders from automatically placing events on your calendar.

You may also want to review settings for events automatically added from Gmail. If you do not want Gmail to add travel bookings, deliveries, reservations, or other email-based events to your calendar, adjust those options too.

The wording can vary depending on your account, device, and Google Calendar version.

For families, students, and workers, this small change can make a big difference. Your calendar should be something you control, not a place where strangers can drop scary messages.

Safety steps for Outlook users

#

Calendar spam is not only a Google Calendar problem. Outlook and Microsoft 365 users can receive suspicious meeting requests too.

If you use Outlook:

  1. Open Outlook on the web or in your Outlook app.
  2. Find the suspicious invitation in your inbox or calendar.
  3. Do not click links, open attachments, or choose Accept or Decline if the invite looks fake.
  4. If the invite is in your email, use Microsoft’s reporting option, such as Report, Report phishing, or Junk, depending on what your version shows.
  5. Delete the calendar event if needed.
  6. Review your calendar and email settings for automatic processing of invitations or events from email.

The exact names of settings can change between Outlook versions. Work, school, and university accounts may also have different controls.

If you use Outlook through an employer, school, or university, report the suspicious invite to your official IT or security help desk. Do not use the phone number or link inside the invite itself.

Safety steps for Apple Calendar and iCloud users

#

Apple Calendar users can also see suspicious invites through iCloud, email, or imported calendar files.

Try these steps:

  1. Open the suspicious event carefully, but do not click links or call numbers in the details.
  2. Look for Report Junk if it appears.
  3. Choose Delete and Report Junk when available.
  4. If there is no report option, delete the event without responding to the sender.
  5. Be careful with .ics files from unknown people. Do not import calendar files unless you trust the source.

If your iPhone, iPad, or Mac keeps showing unwanted calendar events, check your calendar accounts and subscriptions. Remove any calendar subscription you do not recognize.

Sometimes people accidentally subscribe to a spam calendar, then wonder why the fake events keep coming back.

#

If you clicked a link, don’t panic. The next steps depend on what happened after you clicked.

If you clicked but did not enter anything

#

Close the page.

Do not continue through browser warnings, downloads, login screens, pop-ups, or “security check” pages.

If your browser or device offers a security check, run it. Also make sure your browser and operating system are up to date.

If you entered your password

#

Go directly to the official website or app. Type the address yourself or use a trusted bookmark.

Then:

  1. Change the password for that account.
  2. Change the password anywhere else you reused it.
  3. Turn on two-factor authentication if it is available.
  4. Review recent account activity.
  5. Sign out of unfamiliar sessions if the service gives you that option.
  6. Use the official account recovery or support process if you are locked out or unsure what happened.

Reused passwords are one of the easiest ways one small mistake becomes a bigger problem, so do not skip step two.

If you entered a passcode or one-time code

#

Take this seriously.

One-time codes can sometimes let someone sign in immediately.

Go to the official account security page, review recent activity, sign out of unfamiliar sessions, and change your password. If the account is connected to banking, work, school, or sensitive personal information, contact official support as soon as possible.

If you called a number in the invite

#

Hang up.

Do not install remote access software. Do not share payment details. Do not read verification codes out loud. Do not let the caller guide you through “security steps.”

If you already shared sensitive information, contact the real company through its official support channel. If you shared banking or card information, contact your bank using the number on your card or the official banking app.

This article is general safety guidance, not a guarantee of recovery. If money, personal documents, workplace accounts, school accounts, or private information are involved, use official support channels quickly.

Final safety reminder

#

A calendar invite scam works because it lands in a place you already trust: your schedule.

That makes it feel more real than a normal spam message.

The safest response is simple: do not click, do not reply, verify separately, report the event, remove it, and tighten your calendar settings.

Your calendar should show your life, not a scammer’s script. Keep it that way with a few careful habits and the right reporting tools.