When Your Calendar Becomes The Compromise
Rapid7, Thursday, November 6th, 2025
It starts innocently enough. A new meeting appears in your Google calendar and the subject seems ordinary, perhaps even urgent: 'Security Update Briefing,' 'Your Account Verification Meeting,' or 'Important Notice Regarding Benefits.' You assume you missed this invitation in your overloaded email inbox, and click 'Yes' to accept.
Unfortunately, calendar invites have become an overlooked delivery mechanism for social engineering and phishing campaigns. Attackers are increasingly abusing the .ics file format, a universally trusted, text-based standard, to embed malicious links, redirect victims to fake meeting pages, or seed events directly into users' calendars without interaction.
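As an added example (not Rapid7's code): a small Python triage helper that unfolds an invite's lines per RFC 5545 and lists the links each event carries, since a URL folded across two lines is truncated by a plain regex search over the raw file. The sample invite, its example.test domains and the function names are constructed for illustration.

```python
import re

# Constructed sample invite (not from a real campaign); .test is a reserved TLD.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-0001@example.test\r\n"
    "SUMMARY:Security Update Briefing\r\n"
    "ORGANIZER;CN=IT Support:mailto:it-support@example.test\r\n"
    "LOCATION:https://meet.example.test/join\r\n"
    "DESCRIPTION:Verify your account before the call:\\nhttps://login.exam\r\n"
    " ple.test/verify?id=1\\, then join.\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

LINK_PROPS = {"DESCRIPTION", "LOCATION", "URL", "ATTACH", "SUMMARY"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def unfold(text):
    # RFC 5545: a line break followed by one space or tab continues the line.
    return re.sub(r"\r?\n[ \t]", "", text)

def unescape(value):
    # RFC 5545 TEXT escapes: \n or \N is a newline; \\ \; \, are literals.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def extract_event_links(ics_text):
    # Simplification: splits at the first ':', so quoted parameter values
    # that themselves contain ':' are not handled.
    events, current = [], None
    for line in unfold(ics_text).splitlines():
        name_params, _, value = line.partition(":")
        name = name_params.split(";", 1)[0].upper()
        if name == "BEGIN" and value.upper() == "VEVENT":
            current = {"summary": "", "organizer": "", "links": []}
        elif name == "END" and value.upper() == "VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None:
            if name == "SUMMARY":
                current["summary"] = unescape(value)
            elif name == "ORGANIZER":
                current["organizer"] = value
            if name in LINK_PROPS:
                for url in URL_RE.findall(unescape(value)):
                    current["links"].append((name, url.rstrip(".,;)")))
    return events
```

Running `URL_RE.findall(SAMPLE_ICS)` on the raw text yields the truncated `https://login.exam`, which is why the unfolding step comes first.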