{"id":18642,"date":"2022-03-31T12:10:07","date_gmt":"2022-03-31T20:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/31\/news-12375\/"},"modified":"2022-03-31T12:10:07","modified_gmt":"2022-03-31T20:10:07","slug":"news-12375","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/31\/news-12375\/","title":{"rendered":"Phishers make a date with your calendar apps"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Thu, 31 Mar 2022 19:31:07 +0000<\/strong><\/p>\n<p>Calendars are a rich source of bad behaviour for scammers and spammers. They\u2019re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They\u2019ve been misused by bad actors for many years now, most commonly spamming unwary potential victims and leading them to bad times ahead.<\/p>\n<h2>A brief history of calendar connivances<\/h2>\n<p>Scammers abuse pretty much any beneficial feature you can think of in order to get the job done. In 2016, Mac spammers made use of <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2016\/11\/calendar-spam-on-apple-systems\/\">the ability to suggest events found in other apps<\/a>. They also fired calendar invites to people\u2019s iCloud addresses, meaning the spam would hit the calendar and the notification center.<\/p>\n<p>In 2021, iPhone calendar spam was <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2021\/05\/iphone-calendar-spam-attacks-on-the-rise\/\">on the up<\/a> with fake infection\/pornographic spam giving device owners major headaches. Bogus CAPTCHA spam and redirects to device cleaning tools were less than appreciated.<\/p>\n<p>Just this year, we had something resembling an update to the tried and tested calendar methods with <a href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2022\/03\/google-takes-on-docs-notification-spammers\/\">comment spam in shared Google documents<\/a>.<\/p>\n<p>These tactics have been around for many years. Witness 419 scammers <a href=\"http:\/\/sunbeltblog.eckelberry.com\/seen-in-the-wild-419-scammers-now-using-calendar-invites\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">misusing Google calendar invites in 2011<\/a>, or even <a href=\"http:\/\/sunbeltblog.eckelberry.com\/using-yahoo-calendar-to-spam\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">using Yahoo! Calendar to spam<\/a> in 2009. If there\u2019s a calendar with any form of sharing functionality, you can bet someone will be along shortly to post invites you don\u2019t need. What\u2019s the latest in unwanted calendar spam messaging land?<\/p>\n<h2>Calendar app spam leads to phishing pages<\/h2>\n<p>Many tools use calendar apps\/plugins for additional features and functionality. Calendly is one such app which provides Zoom integration, website embedding, and more. It\u2019s free and easy to sign up which means scammers will try to abuse it however they can.<\/p>\n<p>According to Bleeping Computer, it\u2019s been <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/calendly-actively-abused-in-microsoft-credentials-phishing\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">abused to send phishing missives<\/a>. The example given shows a supposed fax message which claims \u201cYou have received a new fax document\u201d. It also lists page count, size, and a clickable link to preview the document in question.<\/p>\n<p>The landing page for these links is a blurred document with a bogus Microsoft login popup box which claims \u201conly recipient email can access shared files\u201d. It also has potential victims enter details twice, presumably to make sure they\u2019re definitely entering usable credentials.<\/p>\n<p>The phish routine ends with that time honoured process of redirecting the phished individual to a real website afterwards. This is to make them think there\u2019s nothing untoward going on, unaware that they\u2019ve handed over login details to a faker.<\/p>\n<h2>Dodging bogus calendar invites<\/h2>\n<p>This is, of course, a very bad and sneaky thing to do. While some folks may be aware of more general spam and nonsense sent their way via Google Calendar, they might not suspect the same thing can happen via other platforms. As Bleeping Computer notes, a password manager with login functionality will help as the mismatch in URLs means login details will stay safely tucked away from harm\u2019s reach.<\/p>\n<p>It\u2019s also possible the slightly unnatural approach to \u201cdocument\u201d sending may work against the spammers here. Do people typically send you important documents by email, or by third party calendar app messaging? If it\u2019s the former, and it likely is, then this should be enough to set alarm bells ringing.<\/p>\n<p>As with all these attacks, the key is to remain calm. Don\u2019t rush to open the document. Check who it claims to be from. Is it a stranger? Or someone you know? If it\u2019s someone you know, it\u2019s time to do some outreach and double check if the document is what it appears to be. Last but not least, make use of any available security\/privacy features your calendar may possess. It could be the difference between a clutter free week ahead or days of skipping through rogue invitations.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2022\/03\/phishers-make-a-date-with-your-calendar-apps\/\">Phishers make a date with your calendar apps<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2022\/03\/phishers-make-a-date-with-your-calendar-apps\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Thu, 31 Mar 2022 19:31:07 +0000<\/strong><\/p>\n<p>Phishers are abusing calendar apps to send people bogus links which lead to phishing pages.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2022\/03\/phishers-make-a-date-with-your-calendar-apps\/\">Phishers make a date with your calendar apps<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[24015,25566,10546,10516,10511,3924],"class_list":["post-18642","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-calendar","tag-calendly","tag-malwarebytes-news","tag-microsoft","tag-phish","tag-phishing"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18642"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18642\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}