If the Calendly link is clicked, targets are presented with a Cloudflare prompt to appear legitimate and perform a security verification. They are then directed to a phishing page through Calendly to answer questions, select available dates and times, and submit contact information. Cyber threat actors exploit this campaign to potentially steal sensitive information or account login credentials, compromise pension plan accounts, update direct deposit information, transfer or release funds to attacker-controlled accounts, obtain remote access to the target’s system, or install malware.
Recommendations
- Refrain from opening attachments or clicking links delivered in meeting invites, even those from known contacts, unless they are expected and in line with an established relationship.
- Confirm the legitimacy of these requests by contacting the sender via a separate means of communication, such as by phone, using contact information obtained from NJDPB’s official website.
- Navigate directly to NJDPB’s official website to schedule an appointment and submit sensitive information.
- Use strong, unique passwords and enable multi-factor authentication where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Reduce your digital footprint so that threat actors cannot easily target you.
- Notify your organization’s IT department if you believe you received a suspicious calendar invite or if you clicked on a link or opened an attachment and suspect the communications may be malicious.
- Report malicious cyber activity to the NJCCIC and the FBI's IC3.
