If you receive a calendar invite to view new fax documents, be careful – it’s most likely a phishing attack, attempting to obtain your identity and login credentials for your corporate accounts.
It all starts with a hijacked email account, which uses a compromised identity to send out a message containing an invitation to “view newly received documents”, via a link.
In today’s digital landscape, receiving a calendar invite for a meeting is as common as checking your email. However, amidst the sea of legitimate invites lies a new threat targeting Mac users. Hackers have now found a way to exploit calendar invites and meeting links, using them as vectors to inject malware onto unsuspecting systems.
Cyber criminals are leveraging the popularity of scheduling tools like Calendly to execute their nefarious schemes. Unlike traditional malware attacks focused on financial gain, this tactic aims to compromise users’ systems for cryptocurrency theft.
Moreover, these malicious actors are employing sophisticated social engineering tactics, presenting fake video conference links to lure unsuspecting victims into clicking. The days of Mac users feeling immune to malware threats are officially behind us.
However, all hope is not lost. By practicing vigilant cyber hygiene and exercising caution before clicking on any suspicious links or invites, Mac users can shield themselves from falling prey to these insidious malware infections. Here is another example of the most recent Calendly link cybersecurity shenanigans:
If you receive a calendar invitation to see fresh fax papers, be cautious: it’s almost certainly a phishing effort to steal your identity and login credentials for your corporate accounts.
INKY cybersecurity researchers issued the warning, which revealed the phishing effort that was initially discovered at the end of February 2022.
It all starts with a hacked email account that sends out a message inviting recipients to “see newly received documents” via a URL using a compromised identity.
It appears to be a Calendly calendar link at first glance. Calendly was most likely used, according to INKY, because anyone may sign up for a free account without having to provide their credit card information.
The plot thickens at this point. The invite pages on Calendly can be customized. The Add Custom Link function allowed criminals to construct a fake fax document notification with all of the standard fax data (number of pages or file size, for example), then inject a malicious link on the event page using the Add Custom Link tool.
The victim is taken to the credential-harvesting page after clicking on the “preview document” link. The page in this instance is a spoof of Microsoft. However, hovering over the link reveals where it leads: INKY cautions users of https://dasigndesigns[.]com/ss/update/index.html, a hijacked site that is listed in Google, Firefox, and Netcraft threat feeds.
If the victim enters their login credentials here, the attackers will receive them, and the victim will receive an error message stating that an invalid password was input. The victim would be sent to their site after the second attempt, which the researchers regarded as a “smart touch” that reduces the suspicion.