Beware of Calendar Phish
An old phishing campaign is resurfacing, targeting Google Calendar users by embedding fake events into their calendars. These events often appear automatically, making them harder to detect. They typically contain malicious links or attachments and can bypass email filters for this reason. Attackers use urgent language such as “Final Notice: Payroll Acknowledgment Required” and may even spoof trusted addresses and domains.
How it works
- A phishing email contains a calendar file (.ics) that automatically adds an event to your calendar
- Events may include malicious links or attachments requesting credentials or sensitive information
- Common tactics:
- Urgent subjects like “Payment will be processed within hours”
- Fake email addresses designed to make you trust them.
What FIT has done to protect you
FIT has adjusted the global settings in FIT’s Google Workspace so that if you receive a calendar invitation from an external sender you haven’t interacted with before, it will not automatically appear on your calendar—you’ll need to accept the invitation first. While this control is in place globally for the whole FIT domain, it is also best to apply it locally. You can follow the instructions below for both your FIT and personal Google calendars.
How to Further Protect Yourself
Empower yourself by changing your Google Calendar settings:
- Go to https://calendar.google.com
- Click the gear icon (⚙️) → Settings
- Under Event settings, change Add invitations to my calendar to:
- Only if the sender is known (changes save automatically)
Be alert for Calendar events that:
- Come from unknown senders
- Mention cryptocurrency, PayPal, invoices, or overdue payments
- Include links or attachments asking for credentials
- List phone numbers in descriptions
If you receive a suspicious invite to your FIT Google account:
- Do not click links or open attachments
- Report the event as spam in Google Calendar and delete it
- If you clicked or entered information:
- Reset your FIT Google password immediately
- Contact Information Security by emailing [email protected]
Rakesh Kumar
AVP of IT Infrastructure Services and Chief Information Security Officer
Information Technology
Fashion Institute of Technology
333 Seventh Ave, 13th floor
New York, NY 10001
(212) 217-3403
About Cybersafe
The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
