Cybersecurity experts are warning consumers about a growing phishing scam that uses digital calendar invitations to trick victims into revealing personal information, financial details and account credentials.

Unlike traditional phishing emails, the scam arrives as a calendar invitation through services such as Google Calendar, Microsoft Outlook and Microsoft 365. Because many calendar applications automatically add invitations to users’ calendars, the fake events can appear legitimate and blend in with real appointments.

The fraudulent invitations often contain alarming messages such as account security warnings, password expiration notices, billing issues, invoice notifications or prize claims. Victims are encouraged to click a link or call a phone number included in the calendar event. Once contact is made, scammers attempt to steal passwords, banking information, credit card numbers or other sensitive data.

Security researchers say criminals are increasingly using calendar-based attacks because people tend to trust events that appear in their personal calendars. In some cases, malicious invitations can remain on a user’s calendar even after the original email is filtered as spam.

Experts recommend never clicking links or calling phone numbers included in unexpected calendar invitations. Users should verify account issues directly through official company websites and report suspicious invitations as spam or phishing attempts. Google and other cybersecurity organizations also recommend adjusting calendar settings so invitations are only added automatically from known senders.

Identity theft experts warn that phishing schemes continue to evolve as criminals find new ways to reach potential victims. Staying cautious with unexpected messages — whether by email, text message or calendar invitation — remains one of the best defenses against fraud.