- What: Hackers use calendar invites to hijack accounts via CalPhishing
- Impact: Users may be tricked into opening malicious calendar events
Hackers exploit calendar invites to hijack accounts using CalPhishing

May 18, 2026
By SC Staff

As reported by HackRead, cybercriminals are leveraging work schedules against individuals by exploiting calendar invites to hijack accounts, according to a new report from Fortra Intelligence and Research Experts (FIRE). This sophisticated attack method, known as CalPhishing, bypasses traditional security controls by embedding malicious content directly into a user's calendar.

The CalPhishing campaign, active since early 2026, begins with an email appearing to be an urgent administrative alert. This email contains an iCalendar (.ics) file that automatically adds a "tentative" meeting to the victim's Outlook calendar without the user needing to open the original email. Hackers then manipulate fields like SUMMARY, LOCATION, and DESCRIPTION within the meeting invite to create a sense of urgency and direct users to malicious HTML files. These files often mimic legitimate admin portals or login pages for services like Microsoft 365 or DocuSign, using Cloudflare redirects to evade detection.

A key concern is the use of ConsentFix, or device code phishing, which allows attackers to steal session tokens, bypassing multi-factor authentication. The EvilTokens phishing kit, reportedly sold on Telegram, is believed to automate this process.

The persistence of these attacks is high, as standard security tools often trust .ics files, and meetings remain on calendars unless explicitly hard-deleted. FIRE researchers suggest that AI automation is likely used to scale these attacks, making them a significant threat to account security and data privacy.

Source: HackRead
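A defender-side check for the invite fields described above, as an added example that is not from the FIRE report or the article: it unfolds an .ics file, reads SUMMARY, LOCATION and DESCRIPTION inside each VEVENT, and flags URLs, references to .html/.htm files and urgency wording. The urgency word list and the sample invite are assumptions constructed for illustration.

```python
import re

WATCHED = {"SUMMARY", "LOCATION", "DESCRIPTION"}  # fields named in the report
# name, optional ;params (quoted values may contain ':'), then ':' and the value
PROP_RE = re.compile(r'^([\w-]+)((?:;(?:"[^"]*"|[^":;])*)*):(.*)$', re.S)
CHECKS = [
    ("url", re.compile(r"https?://[^\s<>\"']+", re.I)),
    ("html_file", re.compile(r"\b[\w.-]+\.html?\b", re.I)),
    # Urgency wording is an assumption for this example, not from the report.
    ("urgency", re.compile(r"\b(?:urgent|immediately|action required|suspend|expire)\w*", re.I)),
]

def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def unescape(value):
    """Decode RFC 5545 TEXT escapes: \\n, \\, \\; and \\\\."""
    return re.sub(r"\\([nN,;\\])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def scan_ics(ics_text):
    """Return (field, reason, evidence) tuples for watched fields inside VEVENTs."""
    findings, in_event = [], False
    for line in unfold(ics_text):
        upper = line.strip().upper()
        if upper == "BEGIN:VEVENT":
            in_event = True
        elif upper == "END:VEVENT":
            in_event = False
        elif in_event and (m := PROP_RE.match(line)):
            name, value = m.group(1).upper(), unescape(m.group(3))
            if name in WATCHED:
                for reason, rx in CHECKS:
                    if hit := rx.search(value):
                        findings.append((name, reason, hit.group(0)))
    return findings

# Constructed sample invite (not from the report); DESCRIPTION is folded mid-word.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST", "BEGIN:VEVENT",
    "UID:constructed-1@example.invalid",
    "SUMMARY;LANGUAGE=en:URGENT: mailbox verification required",
    "LOCATION:https://portal.example.invalid/review",
    "DESCRIPTION:Open the attached Admin_Notice.html before 5pm\\, or acc",
    " ess will be suspended.",
    "END:VEVENT", "END:VCALENDAR",
])

if __name__ == "__main__":
    for finding in scan_ics(SAMPLE):
        print(finding)
```

Findings like these are triage signals for invites that reached a calendar, not a verdict; legitimate meetings also carry URLs in LOCATION.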