Security News > 2022 > April > Phishing attacks exploit free calendar app to steal account credentials
Phishing attacks exploit free calendar app to steal account credentials.
Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.
In a report released Thursday, email security provider INKY describes a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.
Clicking on that link would have brought the user to a webpage that looked like a Microsoft site but actually was set up to steal Microsoft account credentials.
The first attempt triggered an invalid password error, a known tactic in which the user is told that their credentials aren't valid but those credentials are actually harvested behind the scenes.
Also See Share: Phishing attacks exploit free calendar app to steal account credentials.
News URL
https://www.techrepublic.com/article/phishing-exploits-calendar-app/
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials (source)