Phishing, Threat Intelligence

Ongoing Calendly phishing scheme impersonates major brands

More than 75 widely known brands, including MasterCard, Uber, Unilever, and Disney, have been spoofed in fraudulent Calendly invites as part of an ongoing phishing attack campaign aimed at pilfering Google Workspace and Facebook Business account credentials, BleepingComputer reports.

Illicit emails purporting to be from recruiters for popular brands include a link that redirects to a bogus Calendly landing page with a CAPTCHA, which then leads to an adversary-in-the-middle (AiTM) phishing page designed to compromise Google Workspace login sessions, according to a Push Security analysis. Other variants of the scheme targeted Facebook Business credentials, or sought to exfiltrate both Google and Facebook credentials via Browser-in-the-Browser attacks, said researchers, who discovered multiple anti-analysis mechanisms integrated into the phishing pages.

Another Push Security report revealed that Google Ads Manager accounts have been targeted by a malvertising campaign involving a nefarious "Google Ads" ad result on Google Search, which redirected to an AiTM page spoofing the Google login screen.
