Calendar invites used to hide phishing links

The Cofense Phishing Defense Center (PDC) has unearthed a new phishing campaign in multiple enterprise email environments protected by Proofpoint and Microsoft that delivers .ics calendar invite attachments containing phishing links in the body. The researchers assume that the attackers believe putting the URL inside a calendar invite would help the messages to avoid automated analysis. The email carries a subject line of 'Fraud Detection from Message Center' in order to attract curious users. The sender display name is 'Walker', but the email address appears to be legitimate, possibly indicating a compromised account belonging to a school district. Cofense has… [Continue Reading]