Greetings UMBC Community,

We have been seeing an increase in Google Calendar being used as a new type of method for phishing. In several instances, these calendar invites are added to a user's calendar without their permission, leaving the user confused as to how the invite appeared and potentially exposing the calendar to other cybersecurity threats. These calendar invites may contain phishing links or malicious content that could be disguised as a legitimate meeting or event.

On December 19th, we will be updating our default settings for Calendar invites. Events from individuals external to UMBC will only be added to your calendar automatically if they are from a known sender or if you manually approve them from your email inbox. To make a sender known, you can click "I know the sender" on their calendar invite. Remember to always report spam if you see a calendar invite that looks suspicious.

If you wish to revert the settings on your calendar to the original setting to accept calendar invites from everyone, you can do so by following the instructions in this FAQ after December 20, 2025.

As winter break is approaching, here are also some cybersecurity reminders to help keep your UMBC account safe:

• Update and shut down all computers that will be unused for the duration of the break,

• Keep an eye out for phishing emails and report them to security@umbc.edu,

• Please validate that before signing into a UMBC-related website from a link, always hover over the link first and ensure the domain in the URL clearly contains "umbc.edu",

• Use the GlobalProtect VPN if you are a staff member working from off-campus.

If you have questions regarding this change you can reach out to security@umbc.edu. We wish everyone a happy and safe Winter Break.