⚠  SECURITY ALERT

Protect Yourself From Calendar & Evite Phishing Scams

What every agent needs to know about a rapidly growing cyber threat targeting real estate professionals.

 

Attn Agents,

 

Cybercriminals are increasingly targeting real estate professionals with a deceptively simple trick: fake calendar invitations and Evite-style email events. These attacks are designed to look like routine meeting requests from clients, title companies, lenders, or colleagues — but clicking on them can lead to stolen credentials, compromised devices, and wire fraud. Please read this notice carefully and share it with anyone in your office.

 

 

🎯  What Is This Threat?

 

CALENDAR INVITE SCAMS

Scammers send unsolicited Google Calendar, Outlook, or iCal invitations that automatically appear on your calendar. The event description contains malicious links disguised as meeting links (Zoom, Teams, DocuSign).

FAKE EVITE / EVENT EMAILS

Fraudulent "invitation" emails impersonate services like Evite, Paperless Post, or even your brokerage. They urge you to "confirm attendance" or "view documents" through a link that steals your login credentials.

AUTO-ACCEPT EXPLOITATION

Many calendars are set to auto-accept meeting invitations. Scammers exploit this to plant malicious events on your calendar without you ever clicking "Accept."

NOTIFICATION TRAP

Even if you don't accept the invite, the calendar reminder notification itself may contain a clickable malicious link — catching victims who only glanced at a pop-up on their phone or desktop.

 

🏠  Why Real Estate Agents Are Prime Targets

You regularly receive meeting requests from strangers — buyers, sellers, escrow officers, lenders, inspectors, and attorneys. Scammers know this and craft invitations that look exactly like a routine closing appointment, property walkthrough, or DocuSign reminder.

California real estate transactions involve significant wire transfers, making our industry one of the highest-value targets for cybercriminals nationwide. Your busy calendar is their opportunity.

 

 

 

⚙️     How These Attacks Work — Step by Step

 

1

You receive an unsolicited calendar invite or event email

It may reference a property address, client name, or upcoming "closing" — details scammers find from public MLS listings or social media.

 

2

The invite appears legitimate

It uses familiar logos (Zoom, DocuSign, Google Meet, your brokerage) and urgent language like "Action Required" or "Confirm by 5pm today."

 

3

You click the link in the event description or email

The link takes you to a convincing fake login page that captures your username and password — or silently installs malware on your device.

 

4

Your account or device is compromised

With access to your email, scammers intercept wire transfer instructions, impersonate you to clients, or lock your files with ransomware.

 

 

🚩  Red Flags to Watch For

 

🚩  You don't recognize the sender or weren't expecting an invite from that person or company.

🚩  The sender's email address looks slightly wrong — e.g., [email protected] instead of google.com.

🚩  The meeting link goes to a URL you don't recognize — hover before you click to preview the actual destination.

🚩  The event asks you to "verify your identity," "log in to confirm," or enter your password to view a document.

🚩  The invitation creates artificial urgency ("expires in 1 hour," "respond immediately") to pressure quick action.

🚩  The event contains unusual formatting, broken English, or grammar inconsistent with the supposed sender.

🚩  You receive a calendar notification for an event you never agreed to attend — especially outside business hours.

 

⚠  Important: Calendar Invites Bypass Your Spam Filter

Unlike phishing emails, calendar invitations are often NOT scanned by your email spam filters. They arrive as legitimate calendar protocol messages (ICS files) and land directly on your calendar — even if the underlying email would have been flagged as junk. This makes them especially dangerous.

 

 

 

✅     What To Do — and What Not To Do

 

✅     DO This

🚫  DO NOT Do This

✔  Verify unexpected invites by calling the sender directly using a known phone number.

✗  Click links inside calendar event descriptions from unknown senders.

✔  Hover over links before clicking to preview the actual destination URL.

✗  Enter your login credentials on any page you reached through a calendar invite link.

✔  Disable auto-accept of calendar invitations in your Google or Outlook settings.

✗  Click "Join Meeting" from a notification without first verifying the invite is legitimate.

✔  Delete suspicious invites — do not click "Decline" as this confirms your email is active.

✗  Download or open attachments from unverified meeting invitations.

✔  Enable two-factor authentication (2FA) on your email, calendar, and MLS accounts.

✗  Forward suspicious invitations to colleagues — this may spread the link further.

✔  Report anything suspicious to IT right away — no questions asked.

✗  Act under urgency pressure. Legitimate meetings can wait for a quick verification call.

 

 

📬  How to Report a Suspicious Invite

 

🛡  Contact [email protected] Immediately If You:

•  Received a suspicious calendar invite or event email

•  Accidentally clicked a link in a suspicious invite

•  Entered your password on an unfamiliar site

•  Notice unexpected activity in your email or calendar

 

Do not wait. Early reporting allows IT to contain a potential breach before it escalates. There is no penalty for reporting — only for not reporting. Contact the GGSIR IT Team at [email protected] the moment something seems off.

 

 

 

Cybercriminals target real estate professionals because our transactions involve large sums of money and time-pressured decisions. Your awareness is the single most effective defense. No software can fully replace a trained, skeptical eye. When in doubt — call the known contact, don't click. Thank you for taking the time to read this notice and for helping keep your clients and our company safe.