Scammers Abuse Calendar Invites to Plant Phony Subscription Notices

Malwarebytes warns of an active phishing campaign that uses Google Calendar invites to send fake subscription renewal notices containing attention-grabbing charges and a phone number that connects victims to scammers; the attackers rely on users calling to dispute or cancel the charge so they can pressure victims into revealing payment details, installing remote-access tools, or sending money. The report recommends disabling auto-add for calendar invites, restricting calendar permissions, removing public/anonymous access to shared calendars, using up-to-date anti-malware with web protection, enabling multi-factor authentication, and not engaging with unsolicited calendar events.