Sneaky calendar scam & Affirm scammers

Today's newsletter covers a sneaky calendar scam & Affirm scammers: what to watch out for.

Author

Cassie Crossley
September 15, 2025

In this issue:

  • Threat of the week: Sneaky calendar scam

  • Affirm and scammers: what to watch out for

  • Data breaches this week

  • SPAM of the week

Sneaky calendar scam

Most people rely on their digital calendars to keep life on track—doctor appointments, birthdays, work meetings, you name it. But did you know scammers have figured out how to sneak into your calendar too? It’s called the calendar scam, and it’s a clever way for cybercriminals to trick you.

My husband received one of these recently, and I said to delete it. Don't click Yes, No, Decline, Accept, etc. Just delete it. You don't want the scammers to know they reached a "live" target.

Here’s how it works: scammers send an invite through Google Calendar, Outlook, Apple, or another calendar app. The invite often has a subject like “Claim Your Gift Card” or “Suspicious Account Login.” Because of how some calendar apps are set up, these invites can appear on your calendar automatically—even if you never clicked “accept.” Suddenly, you’ve got a fake event on your schedule that looks urgent.

If you open the event, the description usually contains a link. That link leads to a phishing site where scammers try to steal your personal info, passwords, or credit card numbers. Some even try to trick you into downloading malware.

So how do you protect yourself?

  • Never accept, decline, or reply to the invite. If you see the email, mark it as spam.

  • Don’t click links inside unexpected calendar invites.

  • Check your settings: in Google Calendar, turn off “Automatically add invitations.” That way, nothing sneaks in unless you approve it.

  • Trust your gut: if it seems too good to be true—or scary enough to force you to click—it’s probably a scam.

Your calendar should be a place to organize your life, not a playground for scammers. A quick settings check and a little skepticism go a long way in keeping your schedule scam-free.

Affirm scammers: what to watch out for

“Buy Now, Pay Later” services like Affirm are everywhere now. They make it easy to split a purchase into smaller chunks instead of paying everything upfront. Convenient? Definitely. But scammers love anything involving money and personal details—and Affirm is no exception.

First, the good news: Affirm itself uses strong protections. They encrypt your data, monitor accounts for suspicious logins, and offer multi-factor authentication.

The problem is that scammers don’t go after Affirm’s servers—they go after you. Here are a few ways they may try to take advantage:

  • Phishing scams. Fake emails or texts that look like they’re from Affirm can trick you into clicking bad links or giving away login details. Once scammers have your credentials, they can open accounts or make purchases in your name.

  • Identity theft. Because Affirm requires personal information like your name, address, financial details, and even government ID documents, scammers know it’s a goldmine. If they can get access to your account, they can potentially use that data for fraud elsewhere.

  • “Help” scams. Some fraudsters pose as Affirm customer service, reaching out by phone or social media. They may offer to “fix” an issue or “speed up approval,” but really they just want your login or bank info.

  • Overspending traps. Affirm makes it easy to borrow in small chunks, which can pile up into big debt. Scammers may exploit this by selling fake goods online and steering you toward Affirm as the payment method, knowing you won’t feel the sting until later.

So how do you stay safe? A few simple habits help:

  1. Only log in through the official Affirm app or website—not links from texts or emails.

  2. Turn on multi-factor authentication so even if someone steals your password, they can’t easily get in.

  3. Never share codes or passwords with anyone claiming to be Affirm support. Real reps won’t ask.

  4. Watch your purchases—scammers sometimes test accounts with small charges first.

  5. If a deal looks too good to be true, it probably is.

Affirm works hard to protect you, but scammers are clever at targeting users directly. Treat your Affirm account with the same caution you’d give your bank, and you’ll keep both your money and your identity safer.

Data breaches this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected.

UK LNER train operator: TBD individuals: UK Train Operator LNER Warns Customers of Data Breach

Cornwell Quality Tools: 103k individuals: 100,000 Impacted by Cornwell Quality Tools Data Breach

Georgia Wayne Memorial Hospital: 160k individuals: 160,000 Impacted by Wayne Memorial Hospital Data Breach

SPAM example of the week

An incorrect email address instead of mine and a misspelling of “LOCCKED”. And a real email won’t have a full image as the email content.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com