Office 365 users target for calendar invite attack

Don Sharpe
by Don Sharpe
Author
0 Comments
Download PDF
Affiliate Disclosure

  • Cloud-based workforce collaboration tools are targets for hacking and phishing attacks.
  • Abnormal Security reported calendar phishing attacks aimed at Office 365 users. 
  • To learn about leveraging antivirus and data encryption tools, head on over to our comprehensive Cybersecurity section.
  • Alternatively, visit the Security & Privacy for tips and guides to help optimize your on-premise or cloud-based system security.
Calendar phishing attack

Many organizations around the globe have turned to cloud-based productivity and workforce collaboration tools to support remote working. Unfortunately, these platforms, for example, Office 365, have become an easy target for hacking and email phishing.

The cybersecurity firm Abnormal Security recently uncovered how malicious players built an Office 365 phishing site targeting remote workers that use the platform. Today, the company exposes a similar attack that exploits calendar invites.

As always, phishing attackers impersonate credible authorities, such as your employer, bank, or the government, to gain your trust. If you’re an Office 365 user, they could target you via any app or resource available on the platform.

Office 365 users a target for credentials theft

In this case, the attacker poses as personnel from the Wells Fargo security company. If you’re a target, the impersonator sends you an email stating that you need to update your account’s security key.

They have one objective: to steal sensitive information from you.

Financial institutions are always common targets for attackers. Access to a user’s sensitive information would allow an attacker to commit identity theft as well as steal any money associated with the account.

Next, the attacker warns that you have to update to the new combination to keep your account active. Of course, they say that to create a sense of urgency and get you to follow through with their malicious plan.

So, now you have to read an email attachment and follow the provided instructions.

But this attachment is actually a calendar invite (.ics file).Usually, these files hold scheduling data for calendar events. As an Office 365 user, the calendar invite may not initially look strange.

Apart from that, the invite includes a SharePoint page, which has a link you have to click to secure your account. Clicking on the link takes you to a fake Wells Fargo site instead.

The phishing page captures your account numbers, username, password, pin, and other sensitive personal info.

While Office 365 has multiple built-in security features, these can’t always catch all the threats to your personal information. So, it’s always good to exercise discretion and consult with your internal IT security team before responding to emails requiring sensitive information.

Have you dealt with any Office 365 security incident amid the COVID-19 crisis? Feel free to share your experience in the comments section below.