Security News > 2022 > April > Phishing attacks exploit free calendar app to steal account credentials
Phishing attacks exploit free calendar app to steal account credentials.
Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.
In a report released Thursday, email security provider INKY describes a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.
Clicking on that link would have brought the user to a webpage that looked like a Microsoft site but actually was set up to steal Microsoft account credentials.
The first attempt triggered an invalid password error, a known tactic in which the user is told that their credentials aren't valid but those credentials are actually harvested behind the scenes.
Also See Share: Phishing attacks exploit free calendar app to steal account credentials.
News URL
https://www.techrepublic.com/article/phishing-exploits-calendar-app/
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- Phishing kits now vet victims in real-time before stealing credentials (source)
- iOS devices face twice the phishing attacks of Android (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)