Cybercriminals are using a tactic that leverages your digital calendar to deliver spam and phishing links directly to your devices. These unsolicited calendar invitations often contain alarming messages about your device’s security or offer enticing prizes. The notifications appear legitimate because they come from the calendar app itself, leading some users to click on the malicious links embedded within the event details.
This method works because many calendar services, including those from Google and Apple, are configured by default to automatically accept invitations and add them to a user’s schedule. By sending an invite to a known or guessed email address, attackers can place a fraudulent event on a user’s calendar. Interacting with the invite, even to decline it, often sends a notification back to the spammer, which confirms that the email address is active and can lead to an increase in targeted spam.
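As an added illustration (not part of the original article), a mail or help-desk administrator can triage a reported invite from its raw iCalendar (.ics) text, which avoids opening it in a calendar client and therefore sends no response. The sample invite, the lure keyword list and every name below are constructed assumptions.

```python
import re

# Constructed sample invite; every address and URL here is made up.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Security Team:mailto:alerts@sender.example\r\n"
    "ATTENDEE;RSVP=TRUE;PARTSTAT=NEEDS-ACTION:mailto:user@recipient.example\r\n"
    "SUMMARY:Your device is infected - act now\r\n"
    "DESCRIPTION:Virus detected! Clean your phone at http://scan.example/fi\r\n"
    " x?id=1 or claim your prize.\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

LURE_WORDS = ("virus", "infected", "prize", "winner", "act now")  # assumed keyword list
TEXT_PROPS = ("SUMMARY", "DESCRIPTION", "LOCATION", "URL")

def parse_props(ics):
    """Unfold RFC 5545 continuation lines, then yield (name, params, value)."""
    for line in re.sub(r"\r?\n[ \t]", "", ics).splitlines():
        # Split at the first colon that is not inside a quoted parameter value.
        m = re.match(r'((?:[^":]|"[^"]*")*):(.*)', line)
        if m:
            name, *params = m.group(1).split(";")
            yield name.upper(), [p.upper() for p in params], m.group(2)

def triage(ics):
    """Summarise an invite from its raw text; nothing is sent to the organizer."""
    report = {"method": None, "reply_to": None, "rsvp_requested": False,
              "urls": [], "lures": []}
    for name, params, value in parse_props(ics):
        if name == "METHOD":
            report["method"] = value.strip().upper()
        elif name == "ORGANIZER":
            # Accept/decline responses are addressed to the organizer.
            report["reply_to"] = re.sub(r"(?i)^mailto:", "", value.strip())
        elif name == "ATTENDEE" and "RSVP=TRUE" in params:
            report["rsvp_requested"] = True
        elif name in TEXT_PROPS:
            report["urls"] += re.findall(r'https?://[^\s\\"<>]+', value)
            report["lures"] += [w for w in LURE_WORDS if w in value.lower()]
    report["suspicious"] = bool(report["method"] == "REQUEST"
                                and report["urls"] and report["lures"])
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_ICS))
```

The link in the sample is split across a folded line, so a scan that skips the unfolding step would record a truncated URL.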
How to Safely Remove Malicious Calendar Invites
Removing these invites requires a specific process to avoid notifying the spammer. Simply declining the event is not the recommended action. Instead, the established safe method involves isolating and deleting the spam without sending a response.
For iCloud Calendar on iOS:
1. Open the Calendar app and tap Calendars at the bottom of the screen.
2. Tap Add Calendar, give the new calendar a name (e.g., “Spam”), and tap Done.
3. Go to the spam invitation and tap on it to open its details.
4. Tap on Calendar and move the event to the new “Spam” calendar you just created.
5. Return to the list of your calendars, tap the “i” icon next to the “Spam” calendar, and select Delete Calendar from the bottom of the screen. This removes the event and the calendar without sending a response to the sender.
For Google Calendar (Web Interface):
1. Open the spam event in your Google Calendar.
2. Click the three-dot menu icon (More actions).
3. Select Report as spam. This action removes the event from your calendar and reports the sender to Google.
How to Prevent Future Calendar Spam
Adjusting your calendar settings is a primary defense against this type of spam. By changing how your calendar handles invitations, you can prevent them from being automatically added.
To prevent spam on Google Calendar:
1. Open Google Calendar on the web and click the gear icon to go to Settings.
2. Under Event settings, find the option Automatically add invitations and select No, only show invitations to which I have responded.
3. Under Events from Gmail, uncheck the box for Automatically add events from Gmail to my calendar to have full control over what appears on your schedule.
To prevent spam on iCloud:
1. Log in to your iCloud account via a web browser (iCloud.com).
2. Open the Calendar application.
3. Click the gear icon in the bottom-left corner and select Preferences.
4. Go to the Advanced tab.
5. Under the Invitations section, change the setting to receive event invitations as Email to [your email address] instead of as in-app notifications. This stops invites from automatically populating your calendar; instead, you can vet them from your email inbox first.