Cybercriminals are scheduling fake meetings in people’s calendars - here’s why

Crooks are abusing Calendly to steal people’s credentials

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you receive acalendarinvite to view new fax documents, be careful - it’s most likely a phishing attack, attempting to obtain youridentityand login credentials for your corporate accounts.

The warning was given out by cybersecurity researchers from INKY which detailed the phishing campaign first detected toward the end of February 2022.

It all starts with a hijackedemailaccount, which uses a compromised identity to send out a message containing an invitation to “view newly received documents”, via a link.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

Calendly hacked?

On the surface, it is aCalendlycalendar link. Calendly was most likely used, INKY believes, due to the fact that anyone can create a free account, without needing to enter their credit card details.

Here’s where the plot thickens. Calendly’s invite pages are customizable. That allowed crooks to create a fake fax document notification, with all of the usual fax attributes (number of pages, or file size, for example), after which they used the Add Custom Link feature to insert a malicious link on the event page.

Clicking on the “preview document” link takes the victim to the credential-harvesting page. In this particular example, the page is an impersonation ofMicrosoft. Hovering over the link shows where it really leads, though: https://dasigndesigns[.]com/ss/updation/index.html, a hijacked site, listed inGoogle, Firefox, and Netcraft threat feeds, INKY reminds.

What is phishing and how dangerous is it?>Watch out - that PayPal email could be a phishing attack>Google update looks to help you spot Workspace phishing scams

Should the victim enter their login credentials here, they would end up with the attackers, while the victim would see an error message claiming an incorrect password was entered. After the second attempt, the victim would be redirected to their own domain, something the researchers described as a “clever touch” that minimizes suspicion.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

INKY, in this example, was redirected back to inky.com

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

Ireland vs New Zealand live stream: how to watch 2024 rugby union Autumn International online from anywhere