Cybercriminals are constantly evolving their tactics, and recent trends show a surge in social engineering attacks leveraging tools we use every day—like calendar invites and remote access software. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has highlighted two concerning schemes that users should be aware of: calendar invite phishing campaigns and debt collection lures.

Calendar Invites as Phishing Vectors

While email phishing is well-known, cybercriminals are now increasingly using calendar invites to bypass traditional email security filters. The NJCCIC reports incidents where attackers impersonated representatives of the New Jersey Division of Pensions and Benefits. These threat actors not only called potential victims but also sent calendar invites via tools like Calendly, and in some cases, compromised users’ email accounts to send invites to their contacts.

These malicious calendar invites often contain:

  • Phishing links directing users to websites that request sensitive information or login credentials.
  • Attachments that may install malware on the user’s system.

The goals of these attacks vary, from stealing personal information and committing financial fraud to gaining remote access to systems.

Recommendations:

  • Verify unexpected meeting invites with the sender using a separate communication channel.
  • Avoid clicking on links or opening attachments in meeting invites unless expected and trusted.
  • Report suspicious invites to your organization’s IT team immediately.
  • For a deeper dive into this attack vector, see the Rapid7 blog: When Your Calendar Becomes the Compromise.
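One way an IT team could triage a reported invite for the links and attachments described above. This is an added example, not code from NJCCIC or Rapid7; the trusted domain, the sample invite, and the function names are constructed assumptions.

```python
import re

# Assumption: domains your organization treats as trusted invite senders.
TRUSTED_ORGANIZER_DOMAINS = {"example.org"}
URL_RE = re.compile(r'https?://[^\s<>"\\]+', re.IGNORECASE)
# NAME, optional ;params (quoted strings may contain ':'), then ':' and the value.
PROP_RE = re.compile(r'^([A-Za-z0-9-]+)((?:;(?:"[^"]*"|[^":])*)?):(.*)$')

# Constructed sample invite (not a real indicator); the DESCRIPTION line is folded.
SAMPLE_INVITE = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    'ORGANIZER;CN="Pensions: Benefits Review":mailto:rep@benefits-review.example\r\n'
    "SUMMARY:Pension account review\r\n"
    "DESCRIPTION:Confirm your details at https://login.benefits-rev\r\n"
    " iew.example/verify\\nThank you.\r\n"
    "ATTACH;FMTTYPE=application/pdf:https://files.benefits-review.example/form.pdf\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)


def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()


def triage_invite(ics_text):
    """Collect organizer, URLs and attachments so an analyst can review them."""
    findings = {"organizer": None, "external_organizer": False,
                "urls": [], "attachments": []}
    for line in unfold(ics_text):
        m = PROP_RE.match(line)
        if not m:
            continue
        name, params, value = m.group(1).upper(), m.group(2), m.group(3)
        if name == "ORGANIZER":
            addr = value.split(":", 1)[-1].lower()  # drop the "mailto:" scheme
            findings["organizer"] = addr
            findings["external_organizer"] = (
                addr.rpartition("@")[2] not in TRUSTED_ORGANIZER_DOMAINS)
        elif name == "ATTACH":
            # Attachments arrive inline (VALUE=BINARY) or by reference (a URI).
            inline = "VALUE=BINARY" in params.upper()
            findings["attachments"].append("<inline binary>" if inline else value)
        elif name in ("DESCRIPTION", "LOCATION", "URL", "X-ALT-DESC"):
            findings["urls"].extend(URL_RE.findall(value))
    findings["needs_review"] = findings["external_organizer"] and bool(
        findings["urls"] or findings["attachments"])
    return findings
```

An invite flagged with `needs_review` still has to be confirmed with the sender over a separate channel; the script only surfaces what the invite carries.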

Debt Collection Lures Using Legitimate Remote Access Tools

Another alarming trend involves deceptive debt collection emails designed to trick users into downloading malicious software. In recent campaigns, emails claim the recipient owes a debt, often using urgent subject lines like:

  • “Urgent Reminder Posted — Resolve Instantly”
  • “Critical! Final Notice — Act Immediately”
  • “Attention! Payment Demand — Clear Balance”

Victims are directed to intermediate PDFs hosted on platforms like Google Drive, which then instruct them to download legitimate remote monitoring and management (RMM) tools such as Syncro MSP or LogMeIn Resolve. While these tools are typically used for IT administration, in these contexts, they can function as remote access trojans (RATs), giving attackers full access to the victim’s system.

Recommendations:

  • Include these phishing techniques in user awareness training.
  • Restrict the use of remote access tools to only those sanctioned by your organization.
  • Never respond to unsolicited messages, click suspicious links, or open attachments from unknown senders.
  • Confirm requests via verified contact information from official sources.
  • Keep systems patched and up to date after proper testing.
  • Report phishing or other malicious activity to the NJCCIC and the FBI’s IC3.

Stay Vigilant

Cybersecurity is an ongoing challenge, and attackers are becoming increasingly sophisticated. Calendar invites and remote access tools—normally considered routine and safe—are now being weaponized. By staying informed, verifying unexpected communications, and following best practices, individuals and organizations can reduce the risk of falling victim to these evolving threats.

For more information, review NJCCIC’s resources:

  • Don’t Take the Bait! Phishing and Other Social Engineering Attacks
  • Rapid7’s When Your Calendar Becomes the Compromise