Guru's Verification engine ensures consistency, confidence, and trust in the knowledge your organization shares. Learn more.

SCAM ALERT: Recent Google Calendar Scams

DATE: 10/09/2025
GOOGLE CALENDAR EVENT TITLE: Invoice Update – PayPal to BTC Exchange – Payment Verified
COMMUNICATION CHANNEL: Google Calendar
SENDER: Various

The Information Security & Privacy Office (ISPO) has seen a significant increase in phishing campaigns using Google Calendar events. In this attack, malicious calendar invitations are being sent and are automatically appearing on users' Google Calendars, even if they did not receive a corresponding email notification. These invites often contain links or phone numbers designed to obtain or steal user credentials or install malware if clicked.

Sample Phishing Message

Screenshot of calendar event descriptions. See below for details.

Please see below to read the full text of the message.

Message Text & Red Flags

Message Text

SALES RECEIPT
Receipt Number: INV-714017
Sale Date: September 04, 2025

Tender: PayPal

Item Sold:
GeekSquad Tech Protection - $627.99

Sale Amount: $627.99
Tax: $0.00
Total: $627.99

Payment Confirmation: 36043

Please retain:
-This sales receipt is your proof of purchase.
-Present this receipt to validate your plan coverage.
-The return policy is effective 30 days from sale date.
-Payment was made securely through PayPal.
-Technical Support: +1 (865) 208-7627

Tech Support: +1 (865) 208-7627

The day before at 11:50pm

wright8959@fundacjausmiechu.org

Red Flags

🚩 The Delivery Method is suspicious: A legitimate company like Best Buy/Geek Squad or PayPal will not send a sales receipt by inviting you to a random Google Calendar event. They send receipts via email or provide them directly on their website/app. Scammers use this method to bypass email spam filters.
🚩 Urgent Call-to-Action: The entire purpose of this scam is to make you panic about the large, unauthorized charge ($627.99) and call the "Tech Support" number to "dispute" it.
🚩The phone number, +1 (865) 208-7627, is likely a burner number connected to the scammers. Legitimate companies list official, verifiable contact numbers on their main websites, not just in an unsolicited calendar invite.
🚩 Unrelated/Suspicious Domain: The sender's email, wright8959@fundacjausmiechu.org, is the most immediate giveaway. The domain, fundacjausmiechu.org (a Polish charity), has no connection to Geek Squad, Best Buy, or PayPal. Legitimate receipts would come from an official corporate domain (e.g., @bestbuy.com, @paypal.com).
🚩 Generic Sender Name: The use of a random personal-style address (wright8959) is not how automated, professional receipt systems operate.
🚩 Implied Vendor is Missing: While it lists "GeekSquad Tech Protection," the receipt is not from Best Buy (the company that owns Geek Squad) or PayPal. There is no company logo, address, or official branding.
🚩 Missing Transaction Details: A real PayPal receipt for a charge this size would include the specific email address/account charged, a detailed transaction ID (not a generic 5-digit "Payment Confirmation"), and a link to view the transaction on PayPal's site.
🚩 Odd Time Stamp: The note "The day before at 11:50pm" is not standard for an automated, professional receipt and adds to the unprofessional feel of the message.

Take Action

To avoid this type of phish, we strongly recommend adjusting your Google Calendar settings to only add invitations from known senders. Find step-by-step instructions on the IT website.

If you received this calendar event invite, do not engage with the invitation— do not reply, download attachments, or click on links, or call the phone numbers included in the event description. Please send a screenshot of the invitation to IT Central at ITCentral@newschool.edu to report the phishing scam and then delete the event from your calendar.

Return to Phish Bowl

You must have Author or Collection Owner permission to create Guru Cards. Contact your team's Guru admins to use this template.