Why There's a Suspicious Event on Your Google Calendar — and What to Do About It
You open your phone to check your schedule for the day. There's an event you don't remember creating. It says "Subscription Renewed — $389.99" with a phone number to call if you didn't authorize it. Your heart sinks. You never bought anything for that amount. But here's the strange part — you never clicked a link, never opened a suspicious email, never did anything wrong. The scam just appeared directly on your calendar. This is one of the newest scams Google itself warned about just last week — and here's exactly what's happening.
This Is Brand New — Google Warned About It Last Week
Google's Trust and Safety team published their official June 2026 frauds and scams advisory just two weeks ago — specifically investigating "Calendar Phishing" bypasses where fake renewal notices were added directly to Google Calendar invites.
Google's Trust and Safety team is warning about a phishing tactic that delivers fake billing notices straight to Google Calendar — bypassing the email filters that would normally screen them out. According to the company's June 2026 advisory, criminals are adding fake subscription renewal receipts as calendar events, with large dollar amounts, invented transaction IDs, and a phone number to call.
This is genuinely new — and genuinely clever. Scammers found a way to skip your email inbox entirely and place their scam directly onto something you check every single day — your calendar.
Why This Scam Works So Well — The Hidden Setting Nobody Knows About
Here's the part that surprises everyone:
Part of what makes the tactic effective is a Google Calendar default setting. Unless you've changed the setting, Calendar automatically adds event invitations to your schedule from people you've never interacted with. The malicious invite can land on your calendar without you opening any email or pressing accept.
Think about what that means. You don't have to click anything. You don't have to open anything. You don't have to make any mistake at all. A stranger can send a calendar invite and it just appears on your schedule automatically — like you created it yourself.
Calendar phishing skips your inbox entirely. Because Google Calendar can auto-add events from incoming invitations, an attacker sends an invite carrying a fake subscription renewal or a "payment failed" notice — and it appears on your schedule as if you booked it yourself.
The trick works on trust. A calendar entry feels like something you created — not something a stranger pushed at you.
This is exactly why it's so dangerous. We are conditioned to trust our own calendar. We put things there ourselves. So when something appears there — our guard is down in a way it wouldn't be with a random email.
A Real Example — Happening Right Now
Here's a real documented case from just this year:
Security firm Malwarebytes documented an active campaign where scammers impersonated Malwarebytes itself. Victims were sent fake four-year renewal receipts loaded with invented membership IDs and transaction codes — plus a phone number in the event description to call.
The body of the calendar invite is crammed with fake details intended to look like they came from a billing system — multiple ID lines such as Membership ID, Client UID, Customer ID, and Service Number.
The amounts in these fake invites are large and attention-grabbing — usually several hundred dollars for multiple years of service. The scammers want you to believe a considerable charge has already gone through so that you react immediately instead of thinking critically. The goal is to get you to call rather than email.
Notice the strategy here. They don't ask you to click a link first. They ask you to CALL them. Why? Because a phone conversation is much easier to manipulate than a webpage. A real person on the other end can adapt, pressure, and convince you in ways a static scam website cannot.
What Happens If You Call the Number
Once a user clicks a link or calls the number, the attacker can try to steal login credentials, financial information, or remote access to the computer.
The invite may include a phone number to call if the charge is "incorrect." This is often an attempt to move the target into a phone-based scam — also known as "vishing."
Here's what typically happens on that call:
- A scammer pretending to be customer support answers
- They confirm the "large charge" is indeed on your account
- They offer to "refund" you — but need your bank information to process it
- Or they ask you to download "verification software" — which is actually remote access malware
- Or they ask for your card number to "verify your identity" before processing the refund
Every single path leads to the same place — they get your money or your information.
Other Types of Fake Calendar Invites to Watch For
This isn't limited to fake subscription renewals. Real documented examples include:
Calendar phishing invites can also show up as prize notifications, wire transfer alerts, and overdue invoice notices.
You may get a fraudulent calendar invitation from an unknown source that contains information about fake invoices — usually tied to cryptocurrency or services like PayPal.
Some invites include fake Zoom or Teams meeting updates — the link sends you to a fake page claiming you need to update Zoom or Teams. In some cases that "update" can install remote access software or malware. Other invites include links to fake login pages for Microsoft 365, Google, Zoom, or other common workplace platforms.
So the categories to watch for are:
- Fake subscription renewal receipts
- Fake "payment failed" notices
- Fake prize notifications
- Fake wire transfer alerts
- Fake overdue invoice notices
- Fake cryptocurrency or PayPal invoices
- Fake meeting software update requests
- Fake login pages disguised as meeting links
🚨 Red Flags — How to Spot a Fake Calendar Invite
Here's exactly what to look for every time:
🚩 Red Flag #1 — You don't recognize the organizer
The organizer is not someone you know. If a calendar event appears from someone you've never heard of or never communicated with — that alone is a major warning sign.
🚩 Red Flag #2 — It contains invoice or billing language
Titles can reference anything but focus on invoices and calls to action. These types of invite titles can look more like email titles than calendar events. A real meeting invite says things like "Team Check-In" or "Coffee with Sarah." A scam invite says "Invoice #88291 — Action Required" or "Subscription Renewal Confirmation."
🚩 Red Flag #3 — It includes a large dollar amount
Criminals are adding fake subscription renewal receipts with large dollar amounts. A real calendar event never bills you for anything. If a calendar event mentions money owed or charged — it is fake.
🚩 Red Flag #4 — It asks you to call a phone number
This is one of the clearest signs. Legitimate calendar events from companies don't include "call this number if this charge is wrong." Real companies send actual emails or bills — not calendar invites with phone numbers.
🚩 Red Flag #5 — It includes fake reference numbers
The body of the calendar invite is crammed with fake details — multiple ID lines such as Membership ID, Client UID, Customer ID, Service Number. Scammers add lots of official-looking numbers and codes to make the scam feel more legitimate. Real billing notices come through proper channels — not calendar event descriptions.
🚩 Red Flag #6 — You never signed up for whatever it claims
If the event claims you renewed a Malwarebytes, Norton, or any other subscription you never had — that's your answer right there.
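The first five red flags above can be checked mechanically against the raw invite. The sketch below is an added example, not code from Google or from the original article: it parses a constructed iCalendar (.ics) invite and reports which flags it trips. The sample invite, the `known_contacts` set and the function names are assumptions made for illustration, and the patterns are heuristics rather than a complete filter.

```python
import re

# Constructed sample invite (iCalendar text); every value in it is made up.
SAMPLE_ICS = """BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER:mailto:billing-desk@notices.example
SUMMARY:Subscription Renewed - $389.99
DESCRIPTION:Membership ID: 00000\\nClient UID: 00000\\nCustomer ID: 00000\\n
 Service Number: 00000\\nIf you did not authorize this charge call
  +1 (555) 010-0199
END:VEVENT
END:VCALENDAR
"""

BILLING = re.compile(r"(?i)\b(invoice|renew\w*|subscription|payment|receipt|refund|overdue)\b")
AMOUNT = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
REF_ID = re.compile(r"(?i)\b(?:ID|UID|number|code)\s*[:#]")


def parse_event(ics):
    """Unfold continuation lines (RFC 5545) and map property name -> value."""
    props = {}
    for line in re.sub(r"\r?\n[ \t]", "", ics).splitlines():
        name, sep, value = line.partition(":")  # simplification: ignores quoted params
        if sep:
            props.setdefault(name.split(";")[0].upper(), value.replace("\\n", "\n"))
    return props


def red_flags(ics, known_contacts):
    """Return the names of the red flags (#1 to #5) that this invite trips."""
    ev = parse_event(ics)
    organizer = re.sub(r"(?i)^mailto:", "", ev.get("ORGANIZER", "")).lower()
    title, body = ev.get("SUMMARY", ""), ev.get("DESCRIPTION", "")
    text = title + "\n" + body
    checks = {
        "unknown_organizer": organizer not in known_contacts,       # flag 1
        "billing_language_in_title": bool(BILLING.search(title)),   # flag 2
        "dollar_amount": bool(AMOUNT.search(text)),                 # flag 3
        "callback_phone_number": bool(PHONE.search(text)),          # flag 4
        "padded_reference_ids": len(REF_ID.findall(body)) >= 2,     # flag 5
    }
    return [name for name, hit in checks.items() if hit]


if __name__ == "__main__":
    print(red_flags(SAMPLE_ICS, known_contacts={"sarah@example.com"}))
```

Red flag #6 (a subscription you never had) is not automated here, because it depends on what the recipient actually owns.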
The One Rule That Protects You Completely
Receiving a calendar invite does NOT mean your account has been compromised, and it does NOT mean you owe any money. A calendar invite is simply an invitation — it has no power to charge you anything. Delete it and ignore any phone number or link inside it.
If you receive one of these invites, be aware that it doesn't mean your account has been compromised. This is important to understand — the scam invite appearing on your calendar is not proof that anything was hacked. It's simply spam that exploited a calendar feature. Your accounts are likely completely fine.
How to Stop This From Happening — Fix the Setting Right Now
Here's the most important action you can take today:
Google's advisory recommends turning off automatic event creation from invitations in Calendar settings so that only events you explicitly accept ever appear.
On your computer:
- Go to calendar.google.com
- Click the gear icon in the top right
- Click "Settings"
- Click "Event settings" on the left
- Find "Automatically add invitations"
- Change it from "Yes" to "No, only show invitations to which I've responded"
- This means events will NOT appear on your calendar unless you specifically click "Yes" or "Maybe" on the invitation
On your iPhone or Android — through the Gmail/Calendar app:
- Open the Google Calendar app
- Tap the menu icon (three lines) in the top left
- Tap "Settings"
- Tap "Events from Gmail" or "Event settings"
- Adjust the automatic invitation settings the same way
Once a user clicks a link or calls the number, the attacker can try to steal login credentials, financial information, or remote access to the computer. Changing this one setting prevents the scam invite from ever reaching your calendar in the first place — stopping the problem before it starts.
What to Do If You Already Have One of These Events
Step 1 — Do NOT call the phone number
No matter how large or urgent the amount looks — never call a number from a suspicious calendar invite.
Step 2 — Do NOT click any links in the event
Links can lead to fake login pages or trigger malware downloads.
Step 3 — Simply delete the event
- Open the calendar event
- Tap "Delete" or the trash can icon
- Confirm deletion
Step 4 — Decline rather than ignore
If you can, click "No" or "Decline" on the invitation rather than just deleting it. This sometimes signals to Google's spam systems that the invite was unwanted.
Step 5 — Report it to Google
You can report the calendar spam directly to Google through their support page — this helps Google identify and block these scam patterns for everyone.
Step 6 — Check your real accounts directly
If the invite claimed you have a subscription renewal — go directly to that company's official website (typing it yourself, not clicking any link) and check your actual account. You'll see immediately there's no real charge.
Step 7 — Change the automatic invitation setting
Follow the steps above to prevent future scam invites from appearing automatically.
What If You Already Called the Number?
Don't panic — but act quickly:
- If you gave payment information — call your bank immediately and explain you may have given your card details to a scammer. Ask them to watch for suspicious charges or issue a new card.
- If you gave login credentials — change that password immediately from a different device, and change it everywhere else you used the same password.
- If you downloaded "verification software" — disconnect from the internet immediately, turn off your device, and have a trusted person check it for malware before reconnecting.
- Report it — file a report at reportfraud.ftc.gov
💡 Golden Tips From Real People and Security Experts
"I changed my calendar settings the moment I read about this — took less than 2 minutes." This is the single most effective step. Once you turn off automatic invitations, the scam genuinely cannot reach your calendar anymore.
"The fake invite had so many official-looking numbers — IDs, transaction codes — it almost worked on me." Real people report that the sheer amount of fake "official" detail is what makes these convincing. Remember — official-looking numbers mean nothing. Anyone can type random numbers into a calendar invite description.
"I almost called because the amount was so large and scary — then I remembered I don't even have that subscription." The panic response is exactly what scammers are counting on. Before reacting to any amount of money — ask yourself simply: do I actually have this subscription or account? If not — it's fake.
"My antivirus company would never put a bill on my calendar — that's not how real billing works." This is the simplest way to think about it. No legitimate company has ever billed anyone through a calendar invitation. Calendars are for meetings and appointments — not invoices.
"I reported it and deleted it — didn't engage with anything else." The safest and simplest response. Don't investigate. Don't call to "see what they say." Just delete and move on.
Share This With Everyone You Know
This scam is especially dangerous because it requires zero action from the victim to appear — it just shows up. Many people who would never click a suspicious email link might still see a calendar event and think it's real because it appeared on something they trust completely.
Please share this with family and friends — especially anyone who uses Google Calendar regularly. The fix takes 2 minutes and completely prevents this scam from ever reaching them.
The Complete Protection Checklist
- ✅ Change your Google Calendar settings to not auto-add invitations
- ✅ Never call a phone number found inside a calendar event
- ✅ Never click links inside unexpected calendar events
- ✅ Remember — a calendar invite cannot charge you money
- ✅ Delete suspicious events without engaging
- ✅ Check your real accounts directly if concerned about a subscription
- ✅ Report suspicious invites to Google
The Golden Rule
A calendar invite has no power to charge your card, suspend your account, or prove anything is wrong. It's simply an invitation. If something appears on your calendar that you don't recognize — delete it, never call any number inside it, and change your settings so it can't happen again.
Have you seen a suspicious calendar event appear out of nowhere? Share what it said in the comments below — your description could help someone else recognize this scam before they react to it!
