If you use Google’s free calendar service to schedule business or personal events, be on the lookout for fake notifications going around. The bad guys are using unsolicited Google Calendar notifications to trick you into clicking phishing links so they can steal your information or install malware on your computer.

Here’s how it works: Scammers send a realistic-looking Google Calendar invite complete with a meeting topic and location information. Some of these fake events even claim that you’re entitled to a cash payment. The event details contain a link that you’re prompted to click to “see more information”. At first glance, the link appears to take you to a Google website, but beware! If you click the link your computer could be infected with malware, or your bank (or other) account information could be stolen if you unknowingly provide any data to the scammers.

Remember the following to avoid falling for scams like this:

  • Never click links in emails or in calendar notifications that you weren’t expecting. Even if you were expecting an email or an event invite, pick up the phone or use an alternative channel of communication to confirm whether the sender is legitimate.
  • Always hover over links to see where they’re taking you before clicking. The link may take you to a different address from the URL that is shown.
  • Don’t fall victim by clicking a link to gain something of value–like an unexpected payment. If something sounds too good to be true, it probably is. Delete suspicious emails or follow the reporting procedures put in place by your organization.

Stop, Look, and Think. Don't be fooled.