Security News > 2022 > April > Phishing attacks exploit free calendar app to steal account credentials

Phishing attacks exploit free calendar app to steal account credentials.
Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.
In a report released Thursday, email security provider INKY describes a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.
Clicking on that link would have brought the user to a webpage that looked like a Microsoft site but actually was set up to steal Microsoft account credentials.
The first attempt triggered an invalid password error, a known tactic in which the user is told that their credentials aren't valid but those credentials are actually harvested behind the scenes.
Also See Share: Phishing attacks exploit free calendar app to steal account credentials.
News URL
https://www.techrepublic.com/article/phishing-exploits-calendar-app/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)