Calendly actively abused in Microsoft credentials phishing (March 2022)

Phishing actors are actively abusing Calendly to kick off a clever sequence that tricks targets into entering their email account credentials on a phishing page.
The attack begins with phishing emails generated on the Calendly platform that inform the recipient they have received new fax documents.
To create these emails, the threat actors abused a Calendly feature that allows users to create customized invite emails and an "Add Custom Link" function to insert a malicious link on the event page.
Forcing the user to enter their credentials twice is a widespread trick in phishing campaigns today: it minimizes the chances of stealing passwords that contain typos and sometimes even helps in snatching the credentials for two accounts.
Although this is the first time phishing actors have abused the Calendly platform, all other tricks employed in this campaign are pretty standard.
Two obvious signs of fraud in this campaign are the requirement to use Microsoft SharePoint credentials to view Calendly-hosted content and the URL of the phishing page, which is on neither a Microsoft nor a Calendly domain.