EXCLUSIVE: CALENDAR PHISHING SCAM WEAPONIZES FAKE MALWAREBYTES BILLS IN ALARMING NEW SOCIAL ENGINEERING ATTACK
A sophisticated new phishing campaign is hijacking your digital calendar to launch a high-pressure financial scam. Cybersecurity researchers have identified a wave of fake calendar invites impersonating the antivirus giant Malwarebytes, designed to panic users into calling fraudulent "billing support" numbers. This marks a dangerous evolution in social engineering, moving beyond malicious links to real-time voice manipulation.
The fake invites contain alarming details of a supposed multi-year, several-hundred-dollar renewal charge. The entire exploit is crafted to trigger an immediate, panicked reaction, bypassing critical thinking. The description mimics a receipt, but the only call to action is a phone number, urging the victim to call instantly to dispute the charge. This shift from click-to-call is a calculated move by threat actors to apply live pressure.
Once on the call, the scammer has a victim in real time. The endgame is a classic data breach via voice: extracting payment details, coercing the installation of remote-access malware, or even manipulating a direct crypto transfer. Experts warn this method is far more effective than standard email phishing. "This is psychological warfare," stated a senior threat analyst. "They create a crisis to bypass all your digital defenses. Your calendar, a tool you trust, becomes the delivery mechanism for the ransomware precursor."
For businesses, this represents a critical endpoint security vulnerability. An employee receiving such an invite on a shared corporate calendar could inadvertently trigger a massive incident. The scam's reliance on human emotion makes traditional blockchain security or advanced threat detection useless in the initial moment of panic. Everyone is a target.
We predict a surge in these calendar-based exploits targeting other major software brands. The zero-day here isn't a technical flaw—it's the human instinct to resolve a shocking financial alert. Until platforms lock down calendar invite protocols, your schedule is a new attack surface.
Your calendar just became your weakest link. Verify, never panic.
