Health-ISAC explains how CalPhishing is emerging as an evasive social engineering threat that uses calendar invites to bypass traditional email defenses. The publication highlights research from the Fortra Intelligence Research Expert (FIRE) team, which first identified this tactic and its use of .ics files and ConsentFix to steal session tokens and bypass MFA. The core issue is that attackers exploit trusted calendar workflows and persistence mechanisms that remain even after emails are deleted. This matters because it increases risk to sensitive healthcare data like PHI and requires organizations to strengthen controls, improve user awareness, and update response processes.
Excerpt:
"Threat actors are exploiting the automatic processing features of enterprise calendar applications (like Microsoft Outlook and Google Calendar) to deliver malicious links directly into employees’ daily schedules." — Health-ISAC
Read the full article in Health-ISAC.
