User profile for user: jhicken
jhicken Author
User level: Level 1
4 points

Potential malware in .ics calendar event attachment

I received an email that had two files attached to it. One was a .ics calendar event file, and I'm not sure what the other file is. It has a firefox logo on it, and a tag that same Microsoft_356_Admin_portal... Based on the replay email, and what I've read online, this is probably a phishing scam or some other malicious ploy. I havent' clicked on anything but it appears the .ics file downloaded an event to my calendar [didn't click on anything]. It has the same domain expiry message and some other official looking dialog. My question, should I be worried about this? I'm not planning on clicking on anything in the email or in the calendar event. Could something have snuk in with the .ics file? I also cannot delete the event and am told that it's a read only file. Any guidance would be appreciated.


[Re-Titled by Moderator]

Original Title: .ics calendar event malware?

MacBook Pro 16″, macOS 15.6

Posted on Oct 27, 2025 6:39 PM

Reply
Question marked as Top-ranking reply
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
56,756 points

Posted on Oct 27, 2025 7:06 PM

Do you have a Hotmail, Outlook, or Microsoft Exchange email account? If so those are spam invitations that are synced to your Calendar from the Microsoft mail servers. This happens a couple of times a year where the spam infiltrates the Microsoft servers and eventually Microsoft gets a handle on them where they are removed. Just resolved a similar situation with another user moments ago, so apparently there is another wave going around again.


If it is due to the Microsoft account, you can quit syncing that account with your Calendar at Calendar > Settings > Accounts. Other than the annoyance of them appearing in your Calendar, they are not harmful. You also do not have the ability to delete them from the Calendar directly, unless you are able to locate the spam email and remove it from their server, or quit syncing that account with the Calendar.

View in context
2 replies
Question marked as Top-ranking reply
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
56,756 points

Oct 27, 2025 7:06 PM in response to jhicken

Do you have a Hotmail, Outlook, or Microsoft Exchange email account? If so those are spam invitations that are synced to your Calendar from the Microsoft mail servers. This happens a couple of times a year where the spam infiltrates the Microsoft servers and eventually Microsoft gets a handle on them where they are removed. Just resolved a similar situation with another user moments ago, so apparently there is another wave going around again.


If it is due to the Microsoft account, you can quit syncing that account with your Calendar at Calendar > Settings > Accounts. Other than the annoyance of them appearing in your Calendar, they are not harmful. You also do not have the ability to delete them from the Calendar directly, unless you are able to locate the spam email and remove it from their server, or quit syncing that account with the Calendar.

Reply
User profile for user: jhicken
jhicken Author
User level: Level 1
4 points

Oct 28, 2025 6:58 AM in response to Mac Jim ID

Thanks for the response. Unfortunately we do use Microsoft 365 for mail (as well as other business needs). This is on my wife's laptop and her business requires it. I'll adjust the syncing on her account to prevent future annoyances. As long as there wasn't anything else that infiltrated her laptop, she can live with the event listing. I'm surprised there isn't a way to remove it from her calendar.


thanks for the response.

Reply

Potential malware in .ics calendar event attachment

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up