How to spot and avoid a new type of attack that targets your calendar.
Many of us rely on our calendars to keep our days on track. Unfortunately, online criminals are exploiting this trust. Here’s what you should know about a new cyberattack that targets your calendar.
Targeting our calendars
Chances are, you rarely hit “accept” when you receive a calendar invite via email. Instead, the event appears automatically on your calendar, especially when you use an integrated system like Outlook or Gmail. This is convenient because you don’t have to micromanage your schedule.
But you need to be careful, as this reliance could expose you to a new type of phishing attack.
A phishing attack is when criminals send a message that appears genuine. For example, they pretend to be from a bank with an urgent message that requires your immediate action. The message claims that your account is about to be frozen if you don’t act now. It then provides a link to click or an attachment to open. Other tricks include promises of discounts or vouchers, or notices about undelivered packages.
However, that link or attachment is actually a hidden payload, such as software that installs on your device to spy on you and steal login details.
People have become more aware of this tactic, so criminals are getting creative. They can use SMS, voice calls, WhatsApp messages, and other channels to launch phishing attacks. Now, they have figured out how to use calendars.

How the attack works
Security vendors recently started warning about this attack. Here is how it works:
- You receive an email that looks legitimate, such as from “Microsoft Administrator”, which includes a link or attachment.
- The email also has an event invite, which is automatically added to your calendar, including the link or attachment.
- You might not notice this addition. But at some point, you’ll get an alert from your calendar about a pending meeting.
- You check out the meeting, but there is no obvious information. Trying to figure out what it’s about, you click on the link or attachment in the meeting invite.
The result is a successful phishing attack because you assumed the meeting was legitimate.
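For the IT or security team that receives a reported invite, the steps above can be checked mechanically. The following Python script is an added example, not part of the original article: it pulls the calendar part out of an email and lists the organizer plus any links or attachments the event would carry onto the calendar. The trusted domain `example.com`, the sample message, and the name `triage_invite` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

TRUSTED_DOMAINS = {"example.com"}  # assumption: your organisation's own mail domain(s)
LINK_PROPS = {"DESCRIPTION", "LOCATION", "URL", "ATTACH"}
URL_RE = re.compile(r'https?://[^\s"<>\\]+', re.I)

# Constructed sample: an invite email of the kind described above (placeholder domains).
SAMPLE = """\
From: Microsoft Administrator <admin@mail.example.net>
To: user@example.com
Subject: Action required
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=Microsoft Administrator:mailto:admin@mail.example.net
SUMMARY:Meeting
DESCRIPTION:Review your account at https://login.example.net/ver
 ify?id=1 before the meeting
ATTACH:https://files.example.net/agenda.html
END:VEVENT
END:VCALENDAR
"""

def triage_invite(raw_email, trusted=TRUSTED_DOMAINS):
    """Return one finding per text/calendar part: organizer, external flag, links."""
    msg = message_from_string(raw_email, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        # iCalendar folds long lines (newline + one space); unfold so split URLs are whole.
        ics = re.sub(r"\r?\n[ \t]", "", part.get_content())
        organizer, links, attachments = "", [], 0
        for line in ics.splitlines():
            head, _, value = line.partition(":")  # simplification: no quoted ':' in params
            name = head.split(";")[0].upper()
            if name == "ORGANIZER":
                organizer = value.lower().removeprefix("mailto:")
            elif name in LINK_PROPS:
                links += URL_RE.findall(value)
                attachments += (name == "ATTACH")  # counts inline binary attachments too
        domain = organizer.rpartition("@")[2]
        findings.append({"organizer": organizer, "external": domain not in trusted,
                         "links": links, "attachments": attachments})
    return findings
```

An invite that comes back with `external` set to true and a non-empty `links` list or a non-zero `attachments` count matches the pattern described above and is worth reviewing before anyone opens the calendar entry.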
How to avoid the attack
What should you do if you receive such an email? Here are steps to take:
- Delete the email. Do not click on the link or attachment.
- If the event was added to your calendar, open the entry on your calendar, select “Do not send a response” and decline the invitation.
- Do not under any circumstances click on any attachments or links in the event.
- Block the email address that sent the message.
- Notify your security or IT people of the attack.
To stay safe from this attack, you can do the following:
- Disable the option in your email and calendar to auto-add events (here are instructions for different email clients and services).
- Activate multi-factor authentication (MFA) on your email account (here are instructions for Microsoft and Google).
If you clicked on a link or opened an attachment in such a message, immediately disconnect the device from the internet and contact your IT administrator. Do not use the device. Use a different and unaffected device to change the passwords of your critical accounts, such as your email.
These attacks originally surfaced a few years ago. But they have become much more common recently because attackers are using AI and online calendars are more widely used. The same precautions apply: be vigilant, don’t click on links or attachments in haste, and use security features such as MFA as a second line of defence.


