This article discusses a sophisticated phishing campaign impersonating well-known brands through Calendly links to steal Google Workspace and Facebook credentials. The campaign employs AI-generated content, targeted malvertising, and anti-analysis tactics, making it highly effective for cybercriminal activities such as credential theft and reselling compromised accounts. #CalendlyPhishing #AiTM #GoogleWorkspace #FacebookCredentials
Keypoints
- Threat actors impersonate popular brands using Calendly links to lure targets.
- Phishing campaigns utilize AI tools to craft convincing emails and landing pages.
- Access to marketing accounts enables attackers to launch malvertising and monetization schemes.
- Variants of the campaign target both Google and Facebook accounts with sophisticated techniques.
- Recommendations include using hardware security keys and verifying URLs to prevent credential theft.