As reported by HackRead, cybercriminals are leveraging work schedules against individuals by exploiting calendar invites to hijack accounts, according to a new report from Fortra Intelligence and Research Experts (FIRE). This sophisticated attack method, known as CalPhishing, bypasses traditional security controls by embedding malicious content directly into a user's calendar.The CalPhishing campaign, active since early 2026, begins with an email appearing to be an urgent administrative alert. This email contains an iCalendar (.ics) file that automatically adds a "tentative" meeting to the victim's Outlook calendar without the user needing to open the original email. Hackers then manipulate fields like SUMMARY, LOCATION, and DESCRIPTION within the meeting invite to create a sense of urgency and direct users to malicious HTML files. These files often mimic legitimate admin portals or login pages for services like Microsoft 365 or DocuSign, using Cloudflare redirects to evade detection.A key concern is the use of ConsentFix, or device code phishing, which allows attackers to steal session tokens, bypassing multi-factor authentication. The EvilTokens phishing kit, reportedly sold on Telegram, is believed to automate this process. The persistence of these attacks is high, as standard security tools often trust .ics files, and meetings remain on calendars unless explicitly hard-deleted. FIRE researchers suggest that AI automation is likely used to scale these attacks, making them a significant threat to account security and data privacy.Source: HackRead
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




