Daud Jawad, Security Engineer at Fortra, authored a recent Techronicler article exploring the evolution of calendar invite phishing and its growing use alongside ConsentFix, a device code–based phishing technique. In the piece, Daud explains how CalPhishing moves phishing activity out of the inbox and into calendar workflows, creating persistence, familiarity, and trust that can bypass traditional email security controls. He details four observed CalPhishing types, explains how attackers abuse legitimate Microsoft authentication flows through ConsentFix, and outlines practical steps organizations and individuals can take to reduce the risk of token theft and account takeover.
Originally published in Techronicler.
Excerpt: “CalPhishing is being used as a trust layer, a persistence layer, and in many cases, it is the first step into an authentication flow. Instead of relying on the email body to persuade the user, the attacker shifts the context into the calendar invite itself. The invite becomes persistent, familiar, and action-oriented.”
Techronicler: CalPhishing and ConsentFix: The New Playbook for Persistent, Trust-Based Cyber Attacks
Published on May 26, 2026