logo

The Silent Invitation: A Deep Dive into Calendar Invite Phishing

ID: d044bb29-7bd8-554c-afae-552a9efb5698

STIX ID: report--d044bb29-7bd8-554c-afae-552a9efb5698

Feed Name: KnowBe4 Blog

Threat Score
70/100

Date Published: 2026-06-05

Date Updated: 2026-06-05

Author: KnowBe4 Threat Lab

...
...

KnowBe4 Threat Labs analyzes an escalating global calendar-invite phishing campaign that exploits default calendar behaviors (auto-accept and uninspected .ics metadata) and platform trust to bypass email defenses. Attackers use four vectors—vishing/payment lures, fake Zoom updates that drop RMM agents, platform impersonation with AiTM credential-harvesting pages, and internal-company impersonation—to achieve credential theft or persistent remote access; the report describes the delivery-to-exploitation lifecycle and recommends controls such as .ics inspection, link sandboxing, disabling auto-accept, strict sender verification, and risk-first training.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.