What phishing calendar spam is and why it keeps coming back
Phishing calendar spam is a tactic that uses fake event invites, subscription calendars, or meeting requests to push malicious links, scams, and spam notifications into your calendar.
Once accepted, these events can keep reappearing across Google Calendar, Microsoft Outlook, Apple Calendar, and mobile devices until the source is removed.
This problem is more than an annoyance because calendar invites can bypass email filters, appear as trusted notifications, and lure users into opening harmful pages.
Understanding how these invites work is the fastest way to remove them and prevent them from returning.
How phishing calendar spam reaches your calendar
Attackers use several delivery methods that rely on default calendar behavior and sync settings.
The most common sources include:
- Malicious calendar invites sent through email with deceptive event titles and embedded links.
- Subscribed calendars that add recurring spam events through an external calendar URL.
- Automated account sign-ups that exploit “add invite to calendar” features.
- Cross-device sync that republishes the same spam event across multiple connected accounts.
Many services also allow invites from unknown senders to appear automatically unless the settings are tightened.
That is why removing the event alone is often not enough.
How to remove phishing calendar spam from Google Calendar
If you use Google Calendar, start by identifying whether the spam is a single event or a subscribed calendar.
A single event can usually be deleted, but a subscribed source must be removed entirely.
Delete the malicious event
- Open Google Calendar on desktop or mobile.
- Select the suspicious event.
- Choose Delete or Remove.
- If prompted, delete the event for all occurrences if it is recurring.
Remove unwanted subscribed calendars
- Open the calendar list on the left side of Google Calendar.
- Look for calendars you do not recognize.
- Click the three-dot menu next to the calendar name.
- Select Settings and sharing or Unsubscribe, then remove it.
Change invite handling settings
- Go to Google Calendar settings.
- Find event settings and invite settings.
- Set invitations to show only events that you have responded to, if available.
- Review notification settings so spam does not create repeated alerts.
If the spam appears in Gmail first, check whether an email filter or compromised account rule is adding calendar events automatically.
A password reset and security review may be necessary if the events keep returning.
How to remove phishing calendar spam from Outlook and Microsoft 365
In Outlook, phishing calendar spam can arrive as meeting requests, invites, or shared calendars.
Microsoft 365 users should remove the invite and then inspect the account for rules, connected apps, or calendar subscriptions that may be re-adding it.
Delete the event or meeting request
- Open Outlook Calendar.
- Find the suspicious event or request.
- Delete it from the calendar.
- If it is part of a recurring series, remove the full series.
Unsubscribe from suspicious calendars
- Look under My calendars or Other calendars.
- Right-click unknown calendar subscriptions.
- Select Remove or Delete calendar.
Review mailbox rules and app permissions
- Check Outlook rules for automatic forwarding or event processing.
- Review connected apps in Microsoft account and Microsoft 365 security settings.
- Remove any third-party app you do not recognize.
If you use Outlook on both desktop and mobile, repeat the cleanup on each synced account.
A server-side subscription can reappear even after a local deletion.
How to remove phishing calendar spam from iPhone and Apple Calendar
On iPhone, calendar spam usually comes from a subscribed calendar, an email invite, or a profile that was installed by mistake.
Apple Calendar can show events from iCloud, Gmail, Outlook, and other linked accounts, so the source matters.
Remove the spam event
- Open the Calendar app.
- Tap the suspicious event.
- Select Delete Event.
- Choose to delete all future events if the invite repeats.
Delete unwanted calendar subscriptions
- Go to Settings > Calendar > Accounts.
- Check for subscribed calendars or unknown accounts.
- Remove any calendar you did not intentionally add.
Check for suspicious profiles
- Open Settings > General > VPN & Device Management.
- Look for profiles you do not recognize.
- Delete any profile tied to spam or a suspicious website.
If the event is tied to a Gmail or Outlook account, also remove it at the source account level so it does not sync back onto the iPhone.
How to block phishing calendar spam before it appears again
Removing the event is only the first step.
To prevent repeat attacks, tighten the settings that control invites, subscriptions, and shared calendars.
- Limit who can send invites by allowing calendar additions only from known contacts when possible.
- Disable automatic event creation from email or chat services if your platform allows it.
- Review shared calendars and remove access for old services, apps, or contacts.
- Use two-factor authentication on Google, Microsoft, and Apple accounts.
- Update passwords if you suspect account compromise.
- Scan email rules and forwarding settings for hidden automation.
These controls matter because phishing calendar spam often depends on permissive defaults.
Reducing those defaults lowers the chance that a malicious invite will become a persistent calendar entry.
Signs the calendar spam may indicate a compromised account
Some spam invites are just noisy, but repeated event creation can signal a larger security issue.
Watch for these warning signs:
- Events reappear after deletion.
- Unknown devices are signed into your account.
- Email rules or calendar subscriptions change without your action.
- Friends or coworkers receive strange invites from your account.
- Password reset alerts or login alerts appear unexpectedly.
If any of these happen, secure the account immediately.
Change the password, sign out of all sessions, enable multifactor authentication, and review recent login activity.
Best practices for staying safe from calendar-based phishing
Calendar phishing works because users trust event notifications more than random emails.
A few habits make these attacks much less effective:
- Do not open links in an invite unless you can verify the sender independently.
- Do not accept unexpected calendar subscriptions.
- Check the event organizer’s address, not just the display name.
- Hover over links on desktop or long-press on mobile before tapping.
- Report suspicious messages through Gmail, Outlook, or Apple Mail spam tools.
- Keep operating systems, calendar apps, and browsers updated.
Organizations should also train users to recognize event-based lures, especially those impersonating meeting rooms, delivery notices, payment reminders, or cloud storage alerts.
These themes are common because they create urgency and encourage quick clicks.
When to contact support or your IT team
If the spam persists after deletion, the issue may involve a synced subscription, a compromised account, or a managed device policy.
Contact your IT team, email administrator, or platform support when you cannot remove the source manually.
Enterprise users should ask for a review of calendar sharing rules, OAuth app grants, mailbox rules, and federation settings.
In managed environments, calendar spam can spread through connected identity systems, not just a single inbox.