Phishing, Email security

New scam campaign exploits calendar invites to send bogus invoices

Intrusions harnessing calendar invites to spread fake invoice notices from U.S. cybersecurity firm Malwarebytes have been launched as part of a new scam campaign, Cybernews reports.

Attackers have been sending counterfeit Malwarebytes payment notifications with inflated renewal fees for an extended period as calendar invites in a bid to lure recipients into contacting them through the provided number, according to Malwarebytes Labs researchers. Victims establishing contact would then be lured into providing their payment card, banking information, and personal data, as well as sending money via cryptocurrency or gift cards. Further access to targeted computers is also achieved by threat actors by tricking victims into installing remote access tools.

Such a scheme should prompt immediate deactivation of the automated invite process and tighter security controls across calendar apps, including Gmail Calendar and Outlook Calendar.

"Don't engage with unsolicited events. Don't click links, open attachments, or reply to suspicious calendar events such as 'investment', 'invoice,' 'bonus payout,' 'urgent meeting' just delete the event," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds