How I almost fell for a Microsoft 365 Calendar invite scam

Microsoft 365 and Outlook users are being targeted by a tactic that injects fake billing alerts directly into their calendars.

This type of phishing combines fake calendar events, Microsoft branding, and social engineering tactics to trick users into handing over personal information or clicking on malicious content.

Even if a phishing email is flagged or blocked, the event associated with it can still appear on your calendar.

Don't click links, don’t download attachments, decline the invite; even that response can confirm your email is active.

New Outlook no longer offers a "delete without response" option from the calendar view, making it trickier to handle suspicious invites.

Previewing the event is generally safe, but avoid clicking links, opening attachments, or interacting with it in any way.

If the invite is still on your calendar, the safest approach is to leave it untouched.

Always forward from the inbox view using " Forward as Attachment " to avoid interacting with the calendar invite or notifying the sender.

Use an identity protection service to scan the dark web for leaked credentials and alert you before they can be misused.

Remove your personal info from data broker sites to avoid future scams.