Fake Calendly / scheduling tool meeting invitation phishing — impersonates Calendly, Cal.com, Doodle, or scheduling platforms with a "confirm your meeting" link that harvests Microsoft 365 or Google credentials; Cofense 2024: scheduling-tool phishing emerged as top-10 business email threat as remote work normalized calendar link flows
fake-calendly-scheduling-meeting-invitation-phish
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Phishing emails impersonating Calendly, Cal.com, Doodle, or other scheduling platforms with a fake "meeting has been scheduled" or "confirm your meeting" notification that leads to a Microsoft 365 or Google credential-harvest page — exploiting the normalized expectation that clicking scheduling links is safe and routine. Key facts: (1) Cofense 2024: scheduling-tool phishing emerged as a top-10 business email threat category, driven by the mass normalization of remote work calendar flows — employees click "confirm meeting" links automatically, the same way they follow "download file" links; (2) The attack perfectly mimics real Calendly, Doodle, and Cal.com notification emails in structure: "Someone scheduled a 30-minute call with you — click to confirm" followed by a credential page that harvests Microsoft 365 or Google Workspace logins for business email account takeover; (3) The attacker's goal is not just credential theft — business calendar access enables deep spear-phishing and BEC (Business Email Compromise): once the attacker can read the victim's calendar, they know who to impersonate, what meetings are scheduled, which executives to target, and what context will make the next fraudulent email convincing; (4) Legitimate Calendly, Cal.com, and Doodle meeting notifications arrive from verified platform domains and link directly to the hosted event page — they never require the recipient to re-authenticate with Microsoft or Google credentials to view a meeting they were invited to. Warning signs: sender domain not calendly.com, cal.com, or doodle.com; confirmation requires Microsoft 365 / Office 365 / Google account sign-in; no specific inviter name, meeting title, or date/time shown; urgency language about confirming immediately.
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started