By the Scampilot team · Last updated
Scammers send calendar invitations that some apps add to your calendar automatically, even before you open them. The events carry alarming titles and a link - a fake invoice, a security warning, a parcel notice - that leads to a phishing or malware page. Because the entry appears inside a trusted calendar with a notification, it looks like something you agreed to, which is exactly why people tap the link without the usual caution they apply to email.
The attacker emails a standard calendar invitation to your address. On many phones and webmail setups the default is to add invitations to your calendar automatically, so the event appears and a reminder pops up without you ever accepting anything.
The event title and notes contain urgent text and a link. When you tap it - often from a lock-screen reminder - you land on a page that imitates a bank, parcel service, or login screen and asks for your details or installs something.
A calendar feels like your own private space, so an entry there carries an authority that a random email does not. The reminder arrives at an unexpected moment and creates a small jolt of urgency that pushes people to act before they think.
This is sent in bulk to any leaked email address, but it lands hardest with people who live by their calendar and with those less familiar with how invitations can be auto-added. No prior contact with the sender is needed.
An event you have no memory of creating, from a sender you do not recognise, is the first sign. The wording is typically urgent and threatening - an account closing today, a payment to confirm, a parcel held - paired with a single link.
Look at who organised the event and where the link actually points: mismatched or random domains, odd sender addresses, and generic greetings all mark it as fake rather than a real appointment.
Do not tap any link in an unexpected calendar event. Delete the event, and where the option exists choose to report it as spam or junk rather than simply declining, since declining can confirm your address is active.
In your calendar settings, turn off automatic adding of invitations so new events only appear after you accept them from email. If a message claims to be from your bank or a delivery firm, check by opening their official app or site directly instead.
Calendar reminder: "ACTION REQUIRED - Your Apple ID will be disabled today. Open the document in this invite and confirm your payment details to keep your account active: secure-appleid-verify.com"
Made-up example - not a real message.
Paste it in - Scampilot checks text, links and numbers and explains the verdict.
Check it now