Security News > 2022 > April > Phishing attacks exploit free calendar app to steal account credentials

Phishing attacks exploit free calendar app to steal account credentials.
Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.
In a report released Thursday, email security provider INKY describes a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.
Clicking on that link would have brought the user to a webpage that looked like a Microsoft site but actually was set up to steal Microsoft account credentials.
The first attempt triggered an invalid password error, a known tactic in which the user is told that their credentials aren't valid but those credentials are actually harvested behind the scenes.
Also See Share: Phishing attacks exploit free calendar app to steal account credentials.
News URL
https://www.techrepublic.com/article/phishing-exploits-calendar-app/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Russian phishing campaigns exploit Signal's device-linking feature (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)