Beware Fake Calendar Invite Scams Targeting Malwarebytes Users

Beware Fake Calendar Invite Scams Targeting Malwarebytes Users

Beware Fake Calendar Invite Scams Targeting Malwarebytes Users

Scammers are exploiting calendar invites to impersonate trusted brands like Malwarebytes, tricking users into calling fake “billing support” numbers. These scams use large, attention-grabbing charges and urgent language to pressure victims into acting without thinking. Here’s how to spot and avoid these threats.

How the Scam Works

The fake calendar invites mimic official billing notifications, often claiming a charge of hundreds of dollars for multi-year services. The goal? To get you to call a scammer’s number immediately to “dispute” the charge. Unlike phishing emails, these scams rely on phone interactions to extract sensitive data.

Red Flags in Fake Calendar Invites

  • Unnatural phrasing: Errors like “4yrold” or overly generic greetings (“Dear Sir/Madam”) signal fraud.
  • Inconsistent formatting: Random capitalization (“FOUR YEAR”) or odd currency codes (“USD344.55”).
  • Odd phone numbers: Numbers with strange punctuation (1.810.228.8708) or non-standard structures.
  • Fake product names: References to services not offered by the company.

What Happens If You Call the Scam Number?

Calling the number can lead to severe consequences:

1. Financial Data Theft

Scammers may ask for:

  • Credit card details (number, expiry, CVV)
  • Bank account and routing numbers
  • One-time passcodes from banks

With this information, they can make unauthorized purchases, enroll you in subscriptions, or commit identity theft.

2. Remote Access to Your Device

Scammers might trick you into installing tools like TeamViewer to “cancel” the charge. Once connected, they can:

  • Steal passwords and session cookies
  • Install malware
  • Manipulate your browser to fake refunds

3. Personal Information Harvesting

Even if you hang up, scammers may ask for:

  • Full name, address, and date of birth
  • Email addresses and passwords
  • Answers to security questions

This data can be used for future fraud, such as opening accounts in your name.

How to Spot and Remove Fake Calendar Entries

Legitimate companies never send billing notices as calendar events. Red flags include:

  • Event titles like “Payment Processed Successfully: [code]”
  • Unsolicited entries created by unknown contacts
  • No prior interaction with the company

Steps to Remove Fake Entries

  1. Open your calendar app (Google, Outlook, etc.).
  2. Locate the suspicious event.
  3. Delete it permanently and block the sender.

Prevent Future Calendar Scams

  • Verify all billing notices: Check your email or account dashboard for official communications.
  • Ignore urgent calls: Legitimate companies won’t pressure you to act immediately.
  • Report suspicious invites: Delete them and report to your email provider.

Stay Vigilant and Protect Your Data

Calendar scams are evolving, but awareness is your best defense. If you receive a suspicious invite, delete it immediately and verify any charges through official channels. Share this guide to help others avoid falling victim to these schemes.