There’s a new phishing scam that’s sneaking past inbox filters in unexpected ways. Instead of sending suspicious links or obvious malware, this one uses something most people trust: calendar invites. Microsoft 365 and Outlook users are being targeted by a tactic that injects fake billing alerts directly into their calendars. Sometimes it includes malicious attachments, but in other cases, it exploits the default settings of calendars. Paul from Cape Coral, Florida, wrote us to share his experience:

“I had a very disturbing experience with a phishing attempt that almost had me hooked. I’m a Microsoft 365 subscriber and recently got the usual renewal emails. But a few days later, I started getting meeting invites saying my payment failed — they showed up directly on my calendar, even though I never opened or clicked anything. I got nervous when I tried to delete them and saw the only option was ‘delete and decline,’ which might have triggered a response to the attacker. I’ve never seen anything like this before.”

Paul verified his subscription status and avoided interacting with the event, which was the safest move, but his story highlights how easily this type of scam can slip through. Here’s how the attack works, and what to do if it shows up on your calendar.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

How the Microsoft 365 calendar invite scam works

This type of phishing combines fake calendar events, Microsoft branding, and social engineering tactics to trick users into handing over personal information or clicking on malicious content.

It starts with a fake billing alert: The message appears to be from Microsoft 365, warning that your subscription renewal has either failed or been renewed. Some versions include an .htm attachment designed to look like a billing portal that captures credit card details.

The calendar invite adds pressure: Many of these scams include a calendar file (.ics) that places the event directly on your calendar. If your Microsoft 365 or Outlook settings automatically accept invites, the event appears without you doing anything.

The event looks official: Titles like “Payment Failed” or “Account Suspended” are used to trigger a quick reaction. Even if you never click a link, just seeing the event may prompt panic or confusion.

Deleting can confirm your identity: If your only option is “Delete and Decline,” that sends a response back to the sender. This confirms that your email is active and being monitored, which makes you a bigger target.

Scammers use compromised domains: These events often come from addresses that appear legitimate at a glance but are actually sent through hijacked third-party domains like .shop sites. Some even pass basic security checks, making them harder to detect.

Why Microsoft 365 phishing invites bypass email filters

This tactic is effective because it exploits a loophole in how Microsoft 365 processes calendar invitations. Even if a phishing email is flagged or blocked, the calendar event associated with it can still appear on your calendar. Here’s how:

It bypasses traditional email filters: Tools like Microsoft Defender scan incoming messages for bad links and attachments, but in this case, the attacker sends a malicious calendar invite that gets processed by Microsoft’s backend calendar services. So even if the email itself gets caught, the event still lands on your calendar.

You don’t have to click or open anything: If your settings allow calendar invites to be added automatically, that fake billing alert can show up instantly, making it feel urgent and legitimate, especially when it looks like it’s from Microsoft.

It exploits trust in internal tools: Because the invite appears inside Microsoft 365 or Teams, tools you use every day, it feels more “real” than an email from a random domain. That trust is exactly what scammers are counting on.

Microsoft 365. (Kurt “CyberGuy” Knutsson)

What to do if you get a phishing calendar invite in Microsoft 365

If a suspicious calendar event shows up and you didn’t accept it yourself, do not interact with it. Don’t click links, don’t download attachments, and don’t decline the invite; even that response can confirm your email is active.

Outlook is Microsoft’s interface for managing email and calendar events, and it comes in several different versions. The instructions below cover all three:

• New Outlook: The modern web-based and desktop app bundled with Microsoft 365 (formerly Office 365). Most users on Microsoft 365 today are using the new Outlook.
• Classic Outlook: The older desktop version (common in corporate setups) with more granular calendar settings.
• Outlook.com: The free personal version of Outlook that you access through a web browser. It shares many features with the new Outlook, but some settings are unique to the web version.

Most people using Microsoft 365 today are on the new Outlook. Here’s what to do next, depending on your version:

A woman using Microsoft 365 on her laptop. (Kurt “CyberGuy” Knutsson)

1) Don’t click or decline the phishing calendar invite

It might be tempting to hit “Decline” and move on, but that can actually send a response back to the attacker, letting them know your account is active. Previewing the event is generally safe, but avoid clicking links, opening attachments, or interacting with it in any way. 

2) How to delete a phishing calendar event without alerting the attacker

New Outlook (desktop or web): This version no longer offers a “delete without response” option from the calendar view, making it trickier to handle suspicious invites. Here’s what you can do instead:

• Option 1: Leave it alone – If the event is already on your calendar and there’s no inbox email to ignore, your safest bet is to leave it untouched. Even if you uncheck “Email organizer,” it still logs your RSVP. In the new Outlook, there’s no way to fully disable this tracking.

Option 2: Use “Ignore” from the inbox – This won’t necessarily remove the event from your calendar, but it’s a helpful way to get rid of the email without sending a response.

• Go to your Inbox view (not your calendar)
• Find the calendar invite email
• Right-click and choose Ignore

This will move the email to your Trash without sending any response or showing RSVP tracking. However, in some cases, the event may remain on your calendar, and you can delete it manually afterward. Based on testing, this usuallydoesn’t notify the sender, but there is still no guarantee that RSVP tracking is avoided. If the invite is still on your calendar, the safest approach is to leave it.

Note: The “Ignore” option is only available in the inbox/mail view. If you try to manage the invite from the calendar view, your only options are Accept, Tentative, or Decline, all of which either notify the sender or leave behind RSVP tracking. 

Classic Outlook desktop (older version)

This version still gives you a clean, no-reply option:

• Right-click the event in your calendar
• Choose Delete
• Select “Do not send a response” when prompted

This removes the invite without alerting the sender or recording your RSVP.

3) Change Outlook settings to block calendar spam and phishing invites

New Outlook

Unfortunately, there is no way to prevent meeting invites from being automatically added to your calendar. Microsoft removed this control in newer versions, and users can only limit certain types of “Events from email” (such as travel reservations), not actual meeting invites.

Classic Outlook desktop

You can limit auto-processing of invites so Outlook doesn’t automatically add them:

• Go to File > Options > Mail
• Scroll to the Tracking section
• Uncheck “Automatically process meeting requests and responses to meeting requests and polls”

This doesn’t block invites completely, but it stops Outlook from acting on them without your input.

4) How to report a phishing calendar invite without alerting the sender

If the event also appeared in your inbox, you can report it using Outlook’s built-in phishing tool.

New Outlook

• Select the invite from your inbox
• In the toolbar ribbon, go to Home > Report > Report phishing
• Or right-click the email and choose Report > Phishing

Do not forward the invite from the calendar, as this may notify the sender and confirm your account is active.

If the phishing report button doesn’t work, you can email a report to phish@office365.microsoft.com. To do this safely:

• Open the email in your inbox view
• Click the three dots on the top right of the message
• Select Other reply actions > Forward as attachment

This method forwards the email as an attachment, avoiding the risk of sending the actual invite and notifying the sender.

Classic Outlook

• Go to your Inbox
• Open the calendar invite email (don’t just select it from the inbox)
• In the top ribbon, click Report phishing or Report message

To manually forward it to Microsoft:

• Open the email in your Inbox view
• Click the three dots on the top right of the message > Forward as attachment
• Send to phish@office365.microsoft.com

Again, do not forward directly from the calendar. Always forward from the inbox view using “Forward as Attachment” to avoid interacting with the calendar invite or notifying the sender. 

5) Check your Microsoft account for signs of phishing or hacking and install strong antivirus 

Even if you didn’t interact with the invite, it’s smart to review your account just in case:

• Go to mysignins.microsoft.com
• Review your recent sign-ins and devices
• Change your password if anything looks off
• Make sure two-factor authentication (2FA) is turned on

Once you’ve checked your account activity, it’s also worth strengthening your defenses moving forward. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. 

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech.

6) Monitor your identity after a phishing attempt

If your email or login info has been exposed, scammers may try again later. Use an identity protection service to scan the dark web for leaked credentials and alert you before they can be misused.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft.

7) Remove your personal info from data broker sites to avoid future scams

Scammers often buy personal information from data broker sites, which makes it easier for them to target you again later. A removal service can help stop that by automatically scanning and deleting your data from hundreds of these sites. 

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan.

Kurt’s key takeaways

If a suspicious event suddenly shows up on your calendar, avoid interacting with it. That means no clicking, no declining, and no replies of any kind. Just opening the event is usually safe, but responding in any way can let scammers know your account is active. The new Outlook versions make this harder to manage, so the safest move is to leave the event alone, report it from your inbox, and double-check your account security. Until Microsoft adds stronger controls, calendar scams will continue to sneak through, but a few careful steps can keep you protected.

What responsibility does Microsoft have to protect users from security flaws in its own ecosystem, especially when default settings can expose people to phishing attacks without their knowledge? Let us know by writing to us at Cyberguy.com/Contact.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

Copyright 2025 CyberGuy.com. All rights reserved.
 

Amazon Prime Day kicks off tomorrow, July 8th, but you don’t have to wait until then to pick up Apple’s latest pair of AirPods at a discount. Right now, the AirPods 4 are available for around $99 ($30 off) at Amazon, Best Buy, and Walmart, while the AirPods 4 with noise cancellation are going for around $149 ($30 off) at Amazon, Best Buy, and Walmart. That’s within $10 of the lowest price we’ve seen on the ANC model and matches the lowest price to date on the base pair.

Both versions of Apple’s current-gen earbuds feature shorter stems and larger buds than previous models, allowing them to accommodate a broader range of ear shapes. The open-style earbuds use a hard plastic body that doesn’t create a tight seal inside your ear, which means they sacrifice some bass response compared to gummy-tipped earbuds. Hardshell earbuds won’t create pressure in your ear, though, which can feel uncomfortable after listening to music for a few hours.

Overall, the fourth-gen AirPods sound better than previous models due to a custom amplifier and new acoustic architecture. Audio quality is somewhat subjective and largely depends on how the music was recorded, mixed, and mastered; however, former Verge staffer Chris Welch noted in his review that he was pleased with the sound of Apple’s latest pair of wireless earbuds. If you’re upgrading from an older pair, you’ll notice a difference.

The AirPods 4 run on Apple’s H2 chip, which is required for Voice Isolation, a feature that reduces background noise and amplifies the volume of your voice during calls. If you’re using an iPhone, you can say “Hey Siri” to evoke Apple’s smart assistant to place calls, hear and return messages, and play music. You can also locate the earbuds using the Find My app on Apple devices if they’re misplaced.

The entry-level model can last up to five hours on a single charge and can be fully charged five times using the included USB-C charging case (the ANC model also offers wireless charging). Both pairs of earbuds are also IP54-rated for dust, sweat, and water resistance, ensuring you can wear them safely during workouts. Needless to say, the AirPods 4 are excellent earbuds at their current price, whether you opt for the model with active noise cancellation or not.

Three more deals worth your time

A breakthrough in medical technology could soon change how sinus infections are treated. Scientists have created micro-robots for sinus infection treatment that can enter the nasal cavity, eliminate bacteria directly at the source, and exit without harming surrounding tissue. This drug-free, targeted approach may reduce our dependence on antibiotics.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

What are micro-robots for sinus infection treatment?

These microscopic robots are smaller than a speck of dust. They are made of magnetic particles enhanced with copper atoms. Doctors insert them through a narrow duct in the nostril. Once inside, the micro-robots are guided by magnetic fields to reach the infected area.

At that point, a fiber optic light heats the particles and triggers a chemical reaction. This reaction breaks through thick mucus and destroys harmful bacteria at the infection site. As a result, treatment becomes faster, more precise, and far less invasive.

This latest advancement comes from a collaboration of researchers at the Chinese University of Hong Kong, along with universities in Guangxi, Shenzhen, Jiangsu, Yangzhou, and Macau. Their work, published in “Science Robotics,” has helped move micro-robotic medical technology closer to real-world applications. 

Why use micro-robots instead of antibiotics?

Traditional antibiotics circulate throughout the entire body. In contrast, micro-robots target only the infected area. This reduces side effects and lowers the risk of antibiotic resistance. Furthermore, patients may recover faster because the treatment goes straight to the source.

A woman with a sinus infection. (Kurt “CyberGuy” Knutsson)

Are micro-robots safe?

So far, animal trials have shown promising results. Micro-robots successfully cleared infections in pig sinuses and live rabbits, without causing tissue damage. However, scientists still need to ensure that every robot exits the body after treatment. Leftover particles could pose long-term risks.

In addition, public acceptance remains a challenge. The idea of tiny machines inside the body makes some people uncomfortable. Nevertheless, experts believe those fears will fade over time.

What other uses are possible?

Researchers are already exploring how micro-robots could treat infections in the bladder, stomach, intestines, and bloodstream. Several teams around the world are working to make the technology more advanced and adaptable for deep internal use. If successful, these innovations could revolutionize the way we fight bacteria in the human body.

A doctor examining a woman with a sinus infection. (Kurt “CyberGuy” Knutsson)

Kurt’s key takeaways

The rise of micro-robots for sinus infection treatment marks a major shift in medical care. By offering precise, non-invasive therapy without antibiotics, this method could redefine how infections are treated. With continued research and testing, these tiny tools may soon become powerful allies in modern medicine.

Would you let microscopic robots crawl through your sinuses if it meant never needing antibiotics again? Let us know by writing to us at Cyberguy.com/Contact.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

Copyright 2025 CyberGuy.com. All rights reserved.