A growing phishing campaign is targeting Gmail users by sending fake calendar invites that automatically appear in Google Calendar — even if you never accepted them.
Because Google Calendar’s default setting allows invites “from everyone,” scammers can plant malicious events directly into your schedule. These invites often contain links that lead to malware, credential-stealing pages, or data theft.
This scam has become extremely common in 2026 and affects professionals across industries — including attorneys, accountants, and small business owners who rely heavily on Google Workspace.
Why This Scam Is So Effective
Google Calendar is designed for convenience. By default, it adds invitations from anyone to your calendar automatically. Scammers exploit this by sending invites that look legitimate (invoices, meeting requests, urgent documents, etc.).
When you click the link inside the fake event, you may be taken to a spoofed Google login page or a site that downloads malware.
The Single Most Effective Fix (Takes 30 Seconds)
Change one setting in Google Calendar:
- Open Gmail on a computer (easiest).
- Click the 9-dot grid in the top right → select Calendar.
- Click the gear icon (Settings) in the top right.
- In the left sidebar, click Event settings.
- Find “Add invitations to my calendar”.
- Change it from “from everyone” to “Only if the sender is known”.
- Click OK on the warning message.
That’s it. Future invites from unknown people will no longer automatically appear in your calendar. You’ll still receive an email notification and can manually accept legitimate ones.
Stricter option: Choose “When I respond to the invitation in email” if you rarely receive external calendar invites.
Additional Protection Steps
On Mobile (Android / iOS)
- Open the Google Calendar app.
- Tap your profile picture.
- Go to Settings → General.
- Tap Adding invitations.
- Select Only if the sender is known.
Remove Existing Suspicious Events
- Open Google Calendar.
- Find the fake event.
- Click the three dots → Delete (or “Delete and report spam”).
If You Already Clicked a Link
- Immediately change your Google password.
- Turn on 2-Step Verification (if not already enabled).
- Run a full malware scan on your device.
- Review recent account activity at myaccount.google.com/security.
Daily Best Practices
- Never click links inside calendar invites or unexpected emails.
- Hover over links first to see the real destination.
- Keep “Show events automatically created by Gmail” turned off in Event settings.
- Report suspicious invites as spam.
Why This Matters for Professionals and Law Firms
Attorneys and professionals who use Google Workspace handle sensitive client information daily. A successful phishing attack through a calendar invite can lead to:
- Compromised email accounts
- Exposure of confidential client data
- Potential violations of professional responsibility rules
- Reputational damage
Simple configuration changes like this are a foundational part of any strong cybersecurity program.
How EmailMeNow Can Help
We help Texas law firms and small businesses strengthen their defenses against these types of attacks through:
- Email and Google Workspace security reviews
- Phishing awareness training tailored for legal professionals
- Security awareness programs that include calendar and email threats
- Ongoing support for SB 2610 cybersecurity documentation
Take action today.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com to see how your current email and calendar security measures up.
Contact EmailMeNow IT Consulting for a customized security consultation.
This quick setting change is one of the highest-impact, lowest-effort security improvements you can make. Do it now — it takes less than a minute and significantly reduces your risk.