HackRead: CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Daud Jawad from the Fortra Intelligence and Research Experts (FIRE) team was featured in a recent HackRead article examining a new calendar‑based phishing campaign targeting Microsoft 365 users. The article draws on FIRE research to explain how attackers use malicious Outlook calendar invites and device code phishing to steal session tokens, bypass multi‑factor authentication, and gain persistent access to enterprise accounts. It walks through the full attack chain, including the abuse of trusted iCalendar files, fake admin portals, and phishing kits like EvilTokens, and highlights why these attacks are difficult for traditional email security tools to detect. 

Originally published in HackRead. 

Excerpt: “The FIRE team believes hackers are using AI automation to send these invites at a high volume. Because the meeting remains on the calendar unless a Hard-Delete is performed, victims remain vulnerable long after the initial email is gone.”