How I almost fell for a Microsoft 365 calendar invitation

A new phishing scam is slipping past inbox filters in an unexpected way. Instead of sending suspicious links or obvious malware, it uses something most people trust: calendar invites. Microsoft 365 and Outlook users are being targeted by a tactic that injects fake billing alerts directly into their calendars. Sometimes the invite includes a malicious attachment; in other cases it simply exploits default calendar settings. Paul of Cape Coral, Florida, wrote to us to share his experience:

“I had a very disturbing experience with a phishing attempt that I almost got hooked by.

Paul checked his subscription status and avoided interacting with the event, which was the safest move, but his story highlights how easily this type of scam can slip through. Here is how the attack works and what to do if it appears on your calendar.

How the Microsoft 365 calendar scam works

This type of phishing combines fake calendar events, Microsoft branding and social engineering tactics to trick users into handing over personal information or clicking on malicious content.

It starts with a fake billing alert: The message appears to come from Microsoft 365, warning that your subscription renewal has failed or has been renewed. Some versions include an .htm attachment designed to resemble a billing portal that captures credit card details.

The calendar invite adds pressure: Many of these scams include a calendar file (.ics) that places the event directly on your calendar. If your Microsoft 365 or Outlook settings automatically accept invitations, the event appears without you doing anything.

The event looks official: Titles such as “Failed” or “Suspended” are used to trigger a quick reaction. Even if you never click a link, just seeing the event can cause panic or confusion.

Deleting can confirm your identity: If your only option is “Delete and decline,” that sends a response to the sender. This confirms that your email address is active and monitored, which makes you a bigger target.

Scammers use compromised domains: These events often come from addresses that look legitimate at a glance but are actually sent through hijacked third-party domains such as .shop sites. Some even pass basic security checks, which makes them harder to detect.
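
A defender-side triage of such an invite, as an added example (not code from the article or from Microsoft): it reads a saved .ics file without responding to it and reports the indicators described above. The sample invite, the example.shop domain, the keyword list and the trusted-domain list are constructed assumptions.

```python
import re

# Constructed sample invite (not a real capture); example.shop is a placeholder.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Microsoft 365 renewal failed - subscription\r\n  suspended\r\n"
    "ORGANIZER;CN=Microsoft Billing:mailto:billing@example.shop\r\n"
    "ATTENDEE;ROLE=REQ-PARTICIPANT;RSVP=TRUE:mailto:user@example.com\r\n"
    "ATTACH;FMTTYPE=text/html;X-FILENAME=invoice.htm:CID:invoice\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

# Assumptions: keyword list and trusted domains are illustrative; tune both.
URGENT = re.compile(r"\b(failed|suspended|renewal|billing|payment)\b", re.I)
BRAND = re.compile(r"microsoft|office ?365|outlook", re.I)
TRUSTED = ("microsoft.com", "office.com")
# NAME[;PARAM=value...]:VALUE, allowing quoted parameter values that contain ':'
LINE = re.compile(r'^([\w-]+)((?:;[\w-]+=(?:"[^"]*"|[^";:]*))*):(.*)$')

def parse(ics):
    """Unfold RFC 5545 continuation lines, then split into (name, params, value)."""
    lines = re.sub(r"\r?\n[ \t]", "", ics).splitlines()
    return [(m[1].upper(), m[2], m[3]) for m in map(LINE.match, lines) if m]

def trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def triage(ics):
    """Return indicator strings for one invite; the file is only read, never answered."""
    props = parse(ics)
    first = lambda name: next((p for p in props if p[0] == name), ("", "", ""))
    summary = first("SUMMARY")[2]
    _, org_params, org_value = first("ORGANIZER")
    domain = org_value.rpartition("@")[2].lower()
    found = []
    if URGENT.search(summary):
        found.append("urgent-billing-title")
    if BRAND.search(summary + org_params) and not trusted(domain):
        found.append("brand-mismatch:" + domain)
    # RSVP=TRUE on a REQUEST asks the client to send the response to the organizer.
    if first("METHOD")[2].upper() == "REQUEST" and any(
            n == "ATTENDEE" and "RSVP=TRUE" in p.upper() for n, p, _ in props):
        found.append("reply-notifies-organizer")
    if any(n == "ATTACH" and re.search(r"\.html?\b", p + ":" + v, re.I)
           for n, p, v in props):
        found.append("html-attachment")
    return found

print(triage(SAMPLE_ICS))
```

The reply-notifies-organizer indicator is normal for ordinary meeting requests; it matters here because, combined with the other findings, it shows that declining would tell the sender the mailbox is live.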

Why Microsoft 365 phishing invites bypass email filters

This tactic is effective because it exploits a gap in how Microsoft 365 processes calendar invitations. Even if a phishing email is flagged or blocked, the calendar event associated with it can still appear on your calendar. Here is how:

It bypasses traditional email filters: Tools such as Microsoft Defender scan incoming messages for bad attachments and files, but in this case the attacker sends a malicious calendar invitation that is processed by Microsoft's backend calendar services. So even if the email itself is caught, the event still lands on your calendar.

You don’t have to click or open anything: If your settings allow calendar invitations to be added automatically, the fake billing alert can appear instantly, making it feel urgent and legitimate, especially when it appears to come from Microsoft.

It exploits trust in internal tools: Because the invitation appears inside Microsoft 365 or Teams, the tools you use every day, it feels more “real” than an email from a random domain. That trust is exactly what scammers count on.

What to do if you receive a phishing calendar invite in Microsoft 365

If a suspicious calendar event appears and you did not accept it yourself, do not interact with it. Do not click links, do not download attachments and do not decline the invitation; even that response can confirm that your email address is active.

Outlook is Microsoft's interface for managing email and calendar events, and it comes in several different versions. The instructions below cover all three:

  • New Outlook: The modern web- and desktop-based app included with Microsoft 365 (formerly Office 365). Most Microsoft 365 users today are on the new Outlook.
  • Classic Outlook: The older desktop version (common in corporate environments) with more granular calendar settings.
  • Outlook.com: The free personal version of Outlook, accessed through a web browser. It shares many features with the new Outlook, but some settings are exclusive to the web version.

Most people who use Microsoft 365 today are on the new Outlook. Here is what to do next, depending on your version:

1) Do not click on or decline the phishing calendar invite

It may be tempting to hit “Decline” and move on, but that can actually send a response back to the attacker, letting them know that your account is active. Previewing the event is generally safe, but avoid clicking links, opening attachments or interacting with it in any way.

2) How to delete a phishing calendar event without alerting the attacker

New Outlook (desktop or web): This version no longer offers a “Delete without response” option from the calendar view, which makes suspicious invitations harder to handle. Here is what you can do instead:

  • Option 1: Leave it alone – If the event is already on your calendar and there is no inbox email to ignore, your safest bet is to leave it untouched. Even if you turn off “Email organizer,” it still records your RSVP. In the new Outlook, there is no way to completely disable this tracking.

Option 2: Use “Ignore” from the inbox – This will not necessarily remove the event from your calendar, but it is a useful way to get rid of the email without sending a response.

  • Go to your inbox view (not your calendar)
  • Find the calendar invite email
  • Right-click it and choose Ignore

This moves the email to your trash without sending any response or triggering RSVP tracking. However, in some cases the event can remain on your calendar, and you can remove it manually later. Based on testing, this generally does not notify the sender, but there is still no guarantee that RSVP tracking will be avoided. If the invitation is still on your calendar, the safest approach is to leave it.

Note: The “Ignore” option is only available in the inbox/email view. If you try to manage the invitation from the calendar view, your only options are Accept, Tentative or Decline, all of which notify the sender or leave behind RSVP tracking.

Classic Outlook desktop (older version)

This version still gives you a clean, no-response option:

  • Right-click the event in your calendar
  • Choose Delete
  • Select “Do not send a response” when prompted

This removes the invitation without alerting the sender or recording your RSVP.

3) Change Outlook settings to block calendar spam and phishing invites

New Outlook

Unfortunately, there is no way to prevent meeting invitations from being added automatically to your calendar. Microsoft removed this control in newer versions, and users can only limit certain types of “events from email” (such as travel reservations), not actual meeting invitations.

Classic Outlook desktop

You can limit the automatic processing of invitations so that Outlook does not add them automatically:

  • Go to File > Options > Mail
  • Scroll to the Tracking section
  • Turn off “Automatically process meeting requests and responses to meeting requests and polls”

This does not block invitations completely, but it prevents Outlook from acting on them without your input.

4) How to report a phishing calendar invite without alerting the sender

If the event also appeared in your inbox, you can report it using Outlook's built-in phishing tool.

New Outlook

  • Select the invite in your inbox
  • On the toolbar ribbon, go to Home > Report > Report Phishing
  • Or right-click the email and choose Report > Phishing

Do not forward the calendar invitation, since this can notify the sender and confirm that your account is active.

If the Report Phishing button does not work, you can send an email report to phish@office365.microsoft.com. To do this safely:

  • Open the email in your inbox view
  • Click the three dots in the upper right of the message
  • Select Other reply actions > Forward as attachment

This method forwards the email as an attached file, avoiding the risk of sending the actual invitation and notifying the sender.

Classic Outlook

  • Go to your Inbox
  • Open the calendar invite email (do not just select it in the inbox)
  • On the top ribbon, click Report Phishing or Report Message

To forward it to Microsoft manually:

  • Open the email in your inbox view
  • Click the three dots in the upper right of the message > Forward as attachment
  • Send it to phish@office365.microsoft.com

Again, do not forward directly from the calendar. Always forward from the inbox view using “Forward as attachment” to avoid interacting with the calendar invitation or notifying the sender.

5) Check your Microsoft account for signs of phishing or hacking, and install strong antivirus software

Even if you did not interact with the invitation, it is smart to review your account just in case:

  • Go to mysignins.microsoft.com
  • Check your recent sign-ins and devices
  • Change your password if something looks off
  • Make sure two-factor authentication (2FA) is turned on

Once you have reviewed your account activity, it is also worth strengthening your defenses going forward. The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/Lockupyoutech.

6) Monitor your identity after a phishing attempt

If your email or login information has been exposed, scammers may try again. Use an identity protection service to scan the dark web for leaked credentials and alert you before they can be misused.

Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/ididentitytheft.

7) Remove your personal information from data broker sites to avoid future scams

Scammers often buy personal information from data broker sites, which makes it easier to target you later. A removal service can help stop this by scanning for and removing your data from hundreds of these sites.

See my top picks for data removal services and get a free scan to find out if your personal information is available on the web by visiting Cyberguy.com/delete.

Get a free scan to find out if your personal information is already on the web: Cyberguy.com/freescan.

Kurt’s key takeaways

If a suspicious event suddenly appears on your calendar, avoid interacting with it. That means no clicking, no declining and no responses of any kind. Just opening the event is usually safe, but responding in any way can let scammers know that your account is active. Outlook’s newer versions make this harder to manage, so the safest move is to leave the event alone, report it from your inbox and check your account's security. Until Microsoft adds stronger controls, calendar scams will keep sneaking through, but a few careful steps can keep you protected.

What responsibility does Microsoft have to protect users from security flaws in its own ecosystem, especially when default settings can expose people to phishing attacks without their knowledge? Let us know by writing to us at Cyberguy.com/contact.

Copyright 2025 Cyberguy.com. All rights reserved.

Kurt “Cyberguy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better, with his contributions for News & News Business starting mornings on “News & Friends.” Have a tech question? Get Kurt’s free newsletter, or share your voice, a story idea or a comment at Cyberguy.com.