Unexpected Outlook Invitations: What’s happening and why you should care

Written By Roger Ahuja

You open your Outlook calendar and find an appointment you never created. That unsettling moment — someone else added an event to your schedule without your consent — is exactly what many people are finding lately. Scammers are exploiting a loophole in Outlook’s meeting-handling behavior to push unwanted invitations into calendars, clutter schedules, and even try to trick recipients into clicking links or joining fake meetings.

How the loophole works

  • Scammers send meeting invitations that appear legitimate enough to be accepted automatically or to show on your calendar.

  • Because Outlook can add online-meeting metadata to every appointment and has automatic accept/decline behaviors, those invitations can appear without you taking any action.

  • Once the invite appears, a malicious link or meeting join button can be used to phish credentials, install malware, or socially engineer you.

Quick fix — stop Outlook from auto-adding online meetings

Follow these steps in Outlook to prevent automatic insertion of online meeting details into every new meeting:

  1. Open Outlook.

  2. Click File, then select Options.

  3. Choose Calendar from the left-hand menu.

  4. Uncheck Add online meeting to all meetings.

  5. Scroll to the bottom of the Calendar options and click Auto Accept/Decline.

  6. In the Auto Accept/Decline dialog, make sure nothing is checked (no automatic processing of meeting requests).

These two changes stop Outlook from automatically stamping meetings with online-join info and from processing invitations without your explicit action.

Best practices to reduce risk

  • Never click links or join meetings from calendar items you did not expect.

  • Verify unexpected invites by contacting the organizer through a trusted channel (email address you know, phone, or your organization’s directory) rather than using the meeting’s reply/join controls.

  • Train staff and family to recognize unsolicited calendar invites and to follow the same verification steps.

  • Keep Outlook and your OS patched; many threats rely on known vulnerabilities already fixed by updates.

When to get help

If you still see strange invites after changing these settings, or if you think you or your organization may have been targeted, get assistance. We can walk through the settings with you, check account rules and delegates, and verify if your account has been abused.

Give us a call and we’ll help secure your calendar and make sure nothing slips through the cracks.

Roger Ahuja
Next

Accidentally deleted files and nothing in the Recycle Bin with no backup