Phishing Alert: Calendar-Based Phishing Attack

Trinity’s security team and the higher education cybersecurity community have identified a sophisticated phishing campaign targeting employees through malicious calendar invitations. These invitations bypass traditional email filters by embedding phishing content within calendar events that automatically appear in Outlook calendars.

What It Looks Like:

• Calendar invitations with urgent subject lines like “Final Notice: Payroll Acknowledgment Required”
• The sender appears to be from your own email address or trincoll.edu
• Events include suspicious attachments (Word documents, PDFs)
• Language creates false urgency with “action required”
• May reference HR, payroll, or other business-critical topics

Examples:

• Subject: “[dollar amount] USD will be autopaid within 12 hours”
• Calendar Event: “Final Notice: Payroll Acknowledgment Required”
• Attachment: Word documents with names like “Trino365-HR-package.docx”
• Sender: Spoofed to appear from your own email address

How It Works:

• Phishing emails contain a calendar invitation (.ics file)
• Upon receipt, the calendar event automatically appears in your Outlook calendar
• Events include malicious attachments or links
• Calendar integration creates false legitimacy
• Uses social engineering to prompt immediate action

IF YOU RECEIVE A SUSPICIOUS CALENDAR INVITATION:

• DO NOT OPEN any attachments
• DO NOT click any links in the calendar event
• If you clicked any links or entered any information, please reset your password as a precaution. Then, notify us of what happened by describing it in your email in the next step.
• Send the meeting info (sender, subject, body) to [email protected]
• DELETE the meeting from your calendar

For any inquiries, please contact the help desk via email at [email protected] or visit the LITS help desk in person.