Blocking Calendar Phishing in Google Calendar
For Students, Faculty, Staff, Guests, Alumni
Calishing is a type of phishing attack that abuses online calendars by sending fake event invitations or automatically added events that look legitimate but are actually malicious. These events may claim to be security alerts, invoices, appointments, or package deliveries and often include links or phone numbers that try to trick you into sharing passwords, financial information, or installing malware. If you see an unexpected calendar event, do not click any links or call any numbers in the event description. Instead, verify the event through a trusted source, delete it from your calendar, and report suspicious activity to Information Security and Assurance.
1. Click the 3 x 3 Grid on the top right of your browser.
2. Click "Calendar"
3. Click "Settings menu"
4. Click "Settings"
5. Click "Event Settings"
6. Click the down arrow for "Add invitations to my calendar"
You have two options for handling calendar invitations.
Option 1 (Step 7 below) will only allow invitations to populate on your calendar ONLY after you respond to the invitation in email.
Option 2 (Step 8 below) will only allow invitations to populate on your calendar ONLY if you have communicated with the invitee via email prior.
7. Click "When I respond to the invitation in email" this setting will only allow
invitations to be added to your calendar after you accept the invite via email.
8. Click "Only if the sender is known" this setting will allow invitations to populate on your calendar only if you have communicated with the invitee via email prior.
9. Click "OK" to have the changes applied to your calendar.
