Criminals are using calendar invitations to launch phishing attacks and get past email filtering. Over the summer, we saw a new phishing tactic used against the corporate world to steal employees’ login credentials. Criminals used compromised email addresses to send employees meeting invites with malicious links in the body of the invitation, disguised as virtual meeting links. The attack vector has recently worked its way down to individuals at such a rate that Google had to take action last week.
Many phishing attacks use Microsoft documents or PDFs as part of the attack because these file types typically make it through email filtering. A calendar invite attack uses an .ICS file for the same reason. Some email clients will even add a calendar invite to a user’s calendar before the user responds to the invite. The attacks are even more convincing now that virtual meetings are the norm in the workplace and employees are regularly invited to unusual virtual meetings.
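The following is an added example, not part of the original article: a Python check that a mail or calendar gateway could run on an incoming .ICS attachment to list the organizer and flag links whose host is not an approved meeting service. The allowlist, the function names and the trimmed sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the meeting services this organization actually uses.
TRUSTED_MEETING_HOSTS = {"zoom.us", "teams.microsoft.com", "meet.google.com"}
LINK_FIELDS = {"DESCRIPTION", "LOCATION", "URL"}
PROP_RE = re.compile(r'^([\w-]+)((?:;(?:[^":;]|"[^"]*")*)*):(.*)$')
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def unescape(value):
    """Decode RFC 5545 TEXT escapes so an escaped newline ends a URL."""
    return re.sub(r"\\([nN,;\\])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def host_is_trusted(host):
    """Exact host or subdomain of a trusted entry; a trusted name used as a prefix fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_MEETING_HOSTS)

def review_invite(ics_text):
    """Return the organizer and every link in the invite, split by host trust."""
    report = {"organizer": None, "trusted": [], "untrusted": []}
    for line in unfold(ics_text):
        m = PROP_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).upper(), m.group(3)
        if name == "ORGANIZER":
            report["organizer"] = re.sub(r"(?i)^mailto:", "", value)
        elif name in LINK_FIELDS:
            for url in URL_RE.findall(unescape(value)):
                url = url.rstrip(".,);")
                key = "trusted" if host_is_trusted(urlsplit(url).hostname) else "untrusted"
                report[key].append(url)
    return report

# Constructed sample invite (trimmed); the DESCRIPTION link is folded across two lines.
SAMPLE_ICS = r"""BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN="HR: Benefits":mailto:hr@example.invalid
SUMMARY:Quarterly benefits review
LOCATION:https://meet.google.com/abc-defg-hij
DESCRIPTION:Join the meeting here:\nhttps://zoom.us.meeting-login.exa
 mple.invalid/j/12345\nSee you there.
END:VEVENT
END:VCALENDAR
"""
```

Calling `review_invite(SAMPLE_ICS)` reports the DESCRIPTION link as untrusted even though its host begins with a familiar meeting-service name, because only the registered suffix of the host is compared against the allowlist.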
Like SMS phishing when it first became popular, criminals are weaponizing a business tool that most people interact with daily and trust. Calendar phishing is a new attack vector that users may not know is a threat yet.
The tactic was used extensively in the first part of the year against personal user accounts, to the extent that Google took action and added calendar invitations to its list of automatically filtered spam just last week. Users can also change account settings so that only calendar invitations from known contacts automatically appear on their calendar. Calendar invitations from unknown users will still appear in the user’s email inbox but will not be added to the calendar unless the user accepts the invitation.
Businesses should educate users on calendar phishing and remind them not to accept or click links in meeting invitations from contacts they do not recognize.
Quanexus IT Support Services for Dayton and Cincinnati