Intrusions harnessing calendar invites to spread fake invoice notices from U.S. cybersecurity firm Malwarebytes have been launched as part of a new scam campaign, Cybernews reports.Attackers have been sending counterfeit Malwarebytes payment notifications with inflated renewal fees for an extended period as calendar invites in a bid to lure recipients into contacting them through the provided number, according to Malwarebytes Labs researchers. Victims establishing contact would then be lured into providing their payment card, banking information, and personal data, as well as sending money via cryptocurrency or gift cards. Further access to targeted computers is also achieved by threat actors by tricking victims into installing remote access tools.Such a scheme should prompt immediate deactivation of the automated invite process and tighter security controls across calendar apps, including Gmail Calendar and Outlook Calendar."Don't engage with unsolicited events. Don't click links, open attachments, or reply to suspicious calendar events such as 'investment', 'invoice,' 'bonus payout,' 'urgent meeting' just delete the event," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




