New Phishing Alert: Scammers Targeting Microsoft 365 Users Through Calendar Invites
A new and unexpected phishing tactic is making its way through Microsoft 365 environments — and it’s not coming through your inbox. Instead, scammers are now targeting users through calendar invites, injecting fake billing alerts directly into calendar apps like Outlook. This new method is not only clever but also dangerous, as it bypasses many traditional spam filters and security tools.
Rather than sending suspicious links or obvious malware, attackers are now using what many people inherently trust: a standard meeting invite. These events often appear to come from Microsoft or a billing department, warning users about a payment failure or an expired subscription. Some may even include malicious attachments or links disguised as “renew now” buttons.
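The invite traits described above can be checked mechanically when triaging a reported .ics file. The following Python is an added example, not code from the original alert or from Microsoft; the domain lists, lure phrases and sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Assumptions for illustration; set these for your own tenant.
INTERNAL_DOMAINS = {"example.com"}
EXPECTED_LINK_HOSTS = ("microsoft.com", "office.com")
LURE = re.compile(r"payment fail|subscription (has )?expired|renew now|billing", re.I)
URL = re.compile(r'https?://[^\s<>"\\]+', re.I)
PROP = re.compile(r'((?:"[^"]*"|[^":])*):(.*)')  # split at first colon outside quotes

# Constructed sample invite, not a real capture; the DESCRIPTION line is folded.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "BEGIN:VEVENT", "SUMMARY:Payment failed - subscription expired",
    'ORGANIZER;CN="Microsoft: Billing":mailto:billing@ms-renewals.example',
    "DESCRIPTION:Your Microsoft 365 plan is on hold.\\nRenew now: https://pay.ms-re",
    " newals.example/renew",
    "ATTACH;FMTTYPE=application/pdf:https://pay.ms-renewals.example/invoice.pdf",
    "END:VEVENT", "END:VCALENDAR"])

def parse_event(ics):
    """Return the first VEVENT's properties as {NAME: [values]}."""
    props, inside = {}, False
    # RFC 5545 unfolding: CRLF followed by a space or tab continues a line.
    for m in map(PROP.match, re.sub(r"\r?\n[ \t]", "", ics).splitlines()):
        if not m:
            continue
        name, value = m.group(1).split(";", 1)[0].upper(), m.group(2)
        if (name, value.upper()) == ("END", "VEVENT"):
            break
        if inside:
            props.setdefault(name, []).append(value)
        inside = inside or (name, value.upper()) == ("BEGIN", "VEVENT")
    return props

def triage(ics):
    """Return findings for one invite; an empty list means nothing matched."""
    ev, findings = parse_event(ics), []
    org = re.search(r"mailto:[^@\s]+@([^\s>]+)", " ".join(ev.get("ORGANIZER", [])), re.I)
    domain = org.group(1).lower() if org else "unknown"
    if domain not in INTERNAL_DOMAINS:
        findings.append(f"external organizer: {domain}")
    text = " ".join(ev.get("SUMMARY", []) + ev.get("DESCRIPTION", []))
    if LURE.search(text):
        findings.append("billing lure wording")
    for url in URL.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in EXPECTED_LINK_HOSTS):
            findings.append(f"link to unexpected host: {host}")
    if "ATTACH" in ev:
        findings.append("attachment present")
    return findings
```

Calling `triage(SAMPLE)` returns all four findings for the constructed invite. Treat the output as a triage aid for reported invites, since the keyword and host lists are heuristics and will need tuning.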
What Can You Do?
- Review your calendar settings and disable automatic event additions from unknown senders.
- Don’t click on any suspicious invites or attachments.
- Avoid replying or selecting “decline,” which might notify the scammer.
- Verify billing issues directly through your official Microsoft 365 account.
These evolving tactics are another reminder of the importance of layered security and awareness. Even trusted apps like your calendar can be used as a gateway for phishing attempts.
At Vantechs, we’ve always warned about switching entirely to cloud platforms without the right safeguards. Two of the biggest concerns — security attacks and reliability issues — continue to be major risks. This is a clear example of the former.
Even if your organization uses Microsoft 365 or other cloud-based solutions, a local backup strategy is essential. Having on-premises data protection can prevent irreversible loss in the event of a successful phishing or ransomware attack.