What Is Calendar Phishing?
Calendar phishing is a phishing tactic that uses meeting invitations, event reminders, shared calendars, or scheduling links to deliver a scam. Instead of arriving as a typical email, the lure appears inside a calendar workflow where users may be less suspicious and more likely to click.
Calendar phishing is a scam that uses calendar invites or reminders to trick someone into opening a malicious link, joining a fake meeting, entering credentials, or trusting a fraudulent request. The invite may look routine because it appears in a productivity tool people use every day.
At a glance: Calendar phishing works because meeting invites look like work tasks, not ads or spam. A reminder can interrupt the user at the exact moment the attacker wants them to act.
Expanded explanation
Calendar phishing shifts the phishing lure into the tools people use to manage time. A suspicious email might be ignored, but a calendar invite can land directly on a schedule, create a reminder, and appear alongside legitimate meetings even if the original email would have been skipped.
The invite may contain a link to a fake meeting platform, a document, a login page, an invoice portal, a support page, or a file download. It may also include notes that create urgency, such as an account review, compliance deadline, interview, vendor meeting, benefits update, or delivery appointment.
Some calendar invite phishing attempts rely on auto-add behavior or permissive sharing settings. Others are sent as normal invitations from compromised accounts or lookalike organizers. Whether it appears as Google Calendar phishing, Outlook spam, or a fake scheduling link, the attacker benefits when users treat calendar events as tasks to handle rather than messages to inspect.
For organizations, calendar phishing is a reminder that phishing is not limited to the inbox. Any workflow that creates trust, reminders, links, or urgency can become part of the attack path.
How Calendar Phishing Works
A calendar phishing attack uses meeting routines and reminders to make a request look normal and time-sensitive.
- The attacker creates or sends an event. The invite may come from a fake organizer, compromised account, shared calendar, or automated scheduling link.
- The event includes a lure. The description may contain a link, phone number, attachment, meeting URL, or instruction to review something before the appointment.
- The calendar creates reminders. Notifications can make the event feel official and push the target to act at a specific time.
- The target follows the workflow. They may click the meeting link, enter credentials, download a file, call a number, or respond to the organizer.
- The attacker uses the interaction. Stolen credentials, malware delivery, payment fraud, or follow-up social engineering can happen after the first click.
Common Calendar Phishing Examples
Calendar phishing can look like many ordinary scheduling tasks.
- Fake account review: An event claims the user must attend a security or account review and links to a credential-harvesting page.
- Vendor meeting invite: A fake supplier meeting includes a link to a malicious file, invoice portal, or login page.
- Recruiting or interview lure: A calendar event asks a candidate or hiring manager to join a meeting through a fake platform.
- Benefits or payroll reminder: An invite references enrollment, tax documents, or direct deposit and asks the user to complete a form.
- Spam calendar events: Unwanted invites appear with suspicious links, prizes, warnings, or urgent instructions designed to generate clicks.
Why Calendar Phishing Matters
Calendar phishing matters because it reaches people through a trusted workflow. Many employees rely on calendar reminders to decide what deserves attention next. If a malicious event appears beside real meetings, it can feel less like a cold message and more like an assigned task.
Calendar invites also create a sense of timing. A reminder may pop up minutes before a meeting, when the user is moving quickly. That rushed moment is useful to attackers because people may click the meeting link without checking the organizer, domain, or event details.
The risk is not only credential theft. A fake meeting can support business email compromise, vendor impersonation, callback scams, malware delivery, or account recovery abuse. The calendar event is simply the starting point.
How to Reduce Calendar Phishing Risk
Calendar phishing controls should focus on invite handling, user habits, and suspicious organizer behavior.
- Review unexpected organizers. Check whether the sender, domain, and meeting context make sense before clicking links or joining calls.
- Avoid links inside suspicious events. Open known meeting platforms, vendor portals, or company tools directly when the invite feels unusual.
- Adjust calendar settings. Limit automatic event additions, external sharing, and public calendar exposure where appropriate.
- Report suspicious invites. Employees should know how to report calendar events, not just emails, when something looks wrong.
- Protect meeting workflows. Require authentication for sensitive meetings, verify vendor attendees, and avoid sharing confidential files through unverified calendar links.
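One way to automate the organizer and link checks listed above when a reported invite arrives as an .ics file. This is an added example, not part of the original page; the allow-lists, pressure terms, function names and the sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-lists and terms for this sketch; replace with your organisation's own.
TRUSTED_ORGANIZER_DOMAINS = {"example.com"}
KNOWN_MEETING_HOSTS = {"meet.google.com", "teams.microsoft.com", "zoom.us"}
PRESSURE_TERMS = ("verify your account", "password", "invoice", "direct deposit", "urgent")
PROP = re.compile(r'^([A-Za-z0-9-]+)(?:;(?:"[^"\r\n]*"|[^";:\r\n])*)*:(.*)$', re.M)
URL = re.compile(r'https?://[^\s<>"]+', re.I)

# Constructed sample invite (reserved example domains); the link is split by line folding.
SAMPLE_INVITE = (
    'BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n'
    'ORGANIZER;CN="IT Support: Accounts":mailto:helpdesk@example.net\r\n'
    'SUMMARY:Mandatory account review\r\n'
    'DESCRIPTION:Urgent: verify your account before the call\\nhttps://login.exa\r\n'
    ' mple.org/review\r\n'
    'LOCATION:https://meet.google.com/abc-defg-hij\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n'
)

def parse_event(ics_text):
    """Unfold RFC 5545 lines, undo TEXT escapes, return {PROPERTY: [values]} for the first VEVENT."""
    unfolded = re.sub(r'\r?\n[ \t]', '', ics_text)
    props, in_event = {}, False
    for m in PROP.finditer(unfolded):
        name, value = m.group(1).upper(), m.group(2).rstrip("\r")
        if name == "BEGIN" and value.upper() == "VEVENT":
            in_event = True
        elif name == "END" and value.upper() == "VEVENT":
            break
        elif in_event:
            text = re.sub(r'\\([nN,;\\])', lambda e: "\n" if e.group(1) in "nN" else e.group(1), value)
            props.setdefault(name, []).append(text)
    return props

def triage_invite(ics_text):
    """Return findings for a human reviewer; an empty list means none of the checks fired."""
    props, findings = parse_event(ics_text), []
    organizer = (props.get("ORGANIZER") or [""])[0]
    org_domain = organizer.rsplit("@", 1)[-1].lower() if "@" in organizer else ""
    if org_domain not in TRUSTED_ORGANIZER_DOMAINS:
        findings.append(f"untrusted-organizer:{org_domain or 'missing'}")
    body = "\n".join(v for k in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL") for v in props.get(k, []))
    for url in URL.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in KNOWN_MEETING_HOSTS):
            findings.append(f"unrecognized-link-host:{host}")
    hits = [t for t in PRESSURE_TERMS if t in body.lower()]
    return findings + (["pressure-language:" + ",".join(hits)] if hits else [])
```

An empty result only means these three checks did not fire; an invite sent from a compromised internal account would still pass the organizer check.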
Related Glossary Terms
Calendar phishing often supports broader phishing and business impersonation tactics.
- AI Phishing explains how generated messages can make invites and follow-ups more convincing.
- Business Email Compromise covers fraud that abuses trusted business communication and approval workflows.
Final Takeaway
Calendar phishing works because it turns a scam into something that looks scheduled. A reminder, meeting title, and organizer name can make a malicious request feel like part of the workday.
The safest habit is to treat unexpected calendar events the same way as unexpected messages. Verify the organizer, avoid suspicious links, and report events that ask for credentials, payments, downloads, software installs, file sharing, callbacks, or approvals.
Questions Teams Ask About Calendar Phishing
Quick answers about malicious calendar invites, meeting links, reminders, and safer scheduling habits.
What is calendar phishing?
Calendar phishing is a scam that uses calendar invites, event reminders, or meeting links to push a target toward a malicious page, fake meeting, or fraudulent request.
Why do calendar phishing invites feel believable?
They appear in a trusted productivity tool, may trigger reminders, and often look like normal meeting traffic rather than a traditional phishing email.
Can calendar phishing affect business users?
Yes. Attackers can use fake meetings to collect credentials, deliver malicious links, impersonate vendors, or create pressure around invoices, interviews, and account reviews.
How should employees handle suspicious calendar invites?
They should avoid links in the invite, verify the organizer through a trusted channel, report the invite, and remove it if it is confirmed suspicious.