Fake meeting invitation - what damage could be done?

I fell for what I now know was a phishing attempt. Here’s what happened:

• Got an email with a meeting request using what looked like a legitimate scheduling platform
• Clicked through and selected a meeting time
• Confirmed my attendance when prompted
• The fake meeting got added to my calendar with a video call link

I also got a suspicious extortion email later (different address but probably connected). I figured out the original sender was impersonating someone from a real company. I haven’t joined the actual video call and won’t.

Ran a basic antivirus scan and it came back clean. My question is whether any harm was already done just from clicking those initial links and confirming the meeting? What steps should I take now? Or do these scammers usually only do damage once they get you on the video call where they try to get remote access or trick you into giving payment info?

Thanks for any advice!

Good call avoiding that video call. You’re probably fine since you only clicked links and confirmed attendance - didn’t enter passwords or financial info, right? But now they know your email’s active, so expect more scam attempts.

The real damage happens on the actual call where they social engineer you or trick you into downloading fake meeting software. You skipped that part, so you dodged the worst of it.

I’d change passwords for any accounts tied to that email, especially if you reuse the same password everywhere. Watch for more phishing emails over the next few weeks - they’ve marked you as a potential target. That extortion email? They’re just throwing stuff at the wall to see what works.