Skip to main content

Beware phishing scams posing as Google Calendar notifications

Google Calendar
(Image credit: Shutterstock)

Update: A Google spokesperson has contacted us to clarify its position on spam calendar invitations: "Spam calendar invitations can include both unwanted and malicious content that deceive users, similar to spam email. We are not aware of any security bugs due to the software itself. As such, it would be misleading to characterise this as a technical security vulnerability." Updated story continues below.

Gmail users are being warned to watch out for spam calendar invitations containing links to malicious websites. As Forbes explains, calendar invitations can be sent by email – even by people you don't know, and have never spoken to before.

These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the 'meeting' is due to take place.

Don't get caught out

If you're concerned Black Hills Information Security has published an extensive guide that you can follow to secure your Gmail and Google Calendar apps from potential attack.

As always, though, the most important thing is to always treat unsolicited emails with caution, and not click any links to events that you aren't expecting.