Phishing attacks are not limited to suspicious emails anymore. One of the newer tactics we are seeing involves bad actors sending fake calendar invitations that include malicious links. These invites can look legitimate, may appear to come from a recognizable platform or contact, and in some cases can show directly on your calendar.
That is what makes this scam especially dangerous. Most people are trained to be cautious with suspicious emails, but they may not think twice about a meeting invite that appears in Outlook, Microsoft 365, Google Calendar, or another calendar app. Attackers are taking advantage of that trust by placing phishing links inside the invite title, description, location field, or meeting details. Security researchers have noted that calendar phishing is becoming more common because it blends into normal business workflows and can feel more trustworthy than a traditional email.
In a typical version of this scam, an employee receives a calendar invitation for something that looks routine, urgent, or business-related. It may reference a document review, invoice, account alert, subscription issue, meeting request, HR update, or shared file.
The invite may include a link asking the recipient to:
Once clicked, the link may take the user to a fake login page designed to steal credentials. In other cases, it may lead to a malicious download, fraudulent payment request, or a page that attempts to capture sensitive company information. Security experts are specifically warning that fake Microsoft and Google Calendar invites are being used to steal login credentials.
Calendar invites feel different from regular emails. They are tied to time, meetings, and productivity, which makes people more likely to trust them. They can also appear in places users check frequently, including email inboxes, calendar apps, mobile notifications, and reminders.
Another concern is that calendar events may remain visible even after the original suspicious email is deleted or reported. That means a user might avoid the email at first but later see the event on their calendar and click the link from there. Recent cybersecurity guidance has warned that malicious calendar events can persist in calendars and continue to create risk after the initial message is removed.
Be cautious with any unexpected calendar invite, especially if it includes a link. Warning signs include:
The most important rule is simple: do not click links in unexpected calendar invitations.
If you receive a suspicious calendar invite:
It is also important to remember that multi-factor authentication matters. Even if a user accidentally enters a password into a fake login page, stronger MFA methods such as Microsoft Authenticator can help reduce the chance of an account takeover. SMS-based MFA is better than no MFA, but app-based authentication is typically the safer option for business accounts.
Calendar phishing is a good reminder that cybersecurity needs to go beyond basic email filtering. Businesses should review how their Microsoft 365 or Google Workspace environment handles external calendar invitations, suspicious links, user permissions, and authentication.
A stronger defense may include:
For Microsoft 365 environments, security recommendations commonly include layered protections such as mail flow rules, Safe Links, Defender investigation/remediation, and user education.
If a calendar invite looks unexpected, treat it the same way you would treat a suspicious email. Just because it appears on your calendar does not mean it is safe.
Cybercriminals are constantly looking for new ways to make phishing attacks feel normal. Calendar invites work because they blend into the daily rhythm of business. A few seconds of caution can prevent stolen credentials, financial fraud, data exposure, or a larger cybersecurity incident.
Cloud Cover helps businesses strengthen Microsoft 365 security, improve phishing protection, configure safer authentication, and train employees to recognize threats like this. If you are unsure whether your current environment is protected against calendar invite phishing or other Microsoft 365 risks, our team can help review your setup and recommend practical next steps.