Important Notice: Phishing Campaign via Google Calendar Invites

Dear UMBC Community,

DoIT has recently been made aware of a new phishing campaign through Google Calendar. In this scheme, attackers send fraudulent calendar invites that automatically appear on your calendar. These invites often contain messages about fake cryptocurrency invoices and attempt to trick you into clicking links or calling a phone number.

Examples of these malicious invites are included below for your reference.

If you see a suspicious item on your calendar:

Do not click on any links, open any attachments or call any phone numbers
Immediately report the invite to security@umbc.edu
Remove the invite from your calendar using the Trash Can button

It’s important to note that simply receiving one of these invites does NOT mean your account has been compromised. By default, Google Calendar automatically adds invitations from anyone.

To reduce the chance of receiving unwanted invites in the future, you can also update your individual Google Calendar Event Settings to restrict which invitations are added by adjusting the "Add invitations to my calendar" setting. (See Below)

Screenshot of the Google Calendar settings showing the Event Details menu selected and the option for Add Invites to my Calendar visible

For more information about this setting, please refer to https://support.google.com/calendar/answer/13159188?sjid=9213646357382027005-NA.

Thank you all for your continued awareness and assistance in keeping our community secure.

UMBC Division of Information Technology (DoIT)
Cybersecurity Assurance and Digital Trust

Example One:

Example of a Crypto Purchase Order calendar invite

Example Two:

Example of an Invoice & Order Details calendar invite

Tags:

Posted: September 9, 2025, 4:34 PM

Read Original Post in myUMBC

Division of Information Technology

Subscribe to UMBC Weekly Top Stories

I am interested in: