Phishing attacks exploit free calendar app to steal account information

Phishing attacks exploit free calendar app to steal account information

Unfortunately, there is a new phishing scam on the market that works with the help of a calendar app. This is how criminals manage to get hold of important data. Very often, the free application called Calendly is misused for this purpose. Often, invitations are also sent via email using this calendar app. However, the goal is to get the data.

Events and links

Although this scam seems relatively elaborate, it serves its purpose on the part of the targets as far as the criminal background is concerned. Via email, the victim receives a document that does not contain any text. Anyone who wants to look at the document falls into the trap. The above-mentioned app opens automatically. This is free of charge, in it there are created appointments. However, these created appointments are directly linked to the dangerous documents. Anyone who opens the document is redirected to a fake Microsoft page. There, you are supposed to enter your login data.

If this happens, the fraudster is happy to receive all the data. This private data is resold, but alternatively, it can cause some other damage. Google Workspace is also abused very often.

Best not to click anything

Basically, cyber criminals always try to link to a website that looks as genuine as possible. The appearance of legitimacy is maintained there. This way, it is possible to deceive the recipients as victims. However, the goal is always to get the victims' sensitive account data. That is exactly why the malicious links are hidden behind the scenes. Very often, they also arise in connection with the invitations to events at the moment. Anyone who wants to create an account for free with the app in order to use a free calendar can be affected. The invitation pages are therefore particularly tricky. Many campaigns have been launched in this direction. However, this event invitation is a fake. Therefore, the registration information should not be entered anywhere.

Login on wrong page

The user receives an information that his credentials are supposedly invalid. However, these are intercepted in the background. Although the developers of Calendly claim that security is a top priority, the problem has not been solved yet. Allegedly, there should be various warnings of anomalous traffic patterns in the future. It is also planned that fraudulent IP addresses should be tracked. Customers should be able to protect themselves with two-factor authentication. Basically, such phishing attacks also violate Calendly's terms of use, of course. These accounts will be terminated immediately upon discovery.

Nevertheless, perpetrators use a great many different tactics, including underhanded ones. Examples are:

  • The victim is dynamically forwarded
  • Email accounts are compromised
  • Credentials are intercepted
  • A brand is imitated

There are various ways to ensure that such phishing attacks can be intercepted via the Calendly app. Basically, the sender's display name in an email address should always be checked. Very often, it is not a Microsoft domain at all, but it appears as such. It helps to move the mouse cursor over the link to see the actual and real target. A password manager also makes sense in order to protect against the reading of credentials.