Good afternoon,
Penn’s security team has identified a sophisticated phishing campaign targeting employees through malicious calendar invitations. This attack bypasses traditional email filters by embedding phishing content within calendar events that automatically appear in Outlook calendars.
What It Looks Like:
- Calendar invitation with urgent subject lines like "Final Notice: Payroll Acknowledgment Required"
- Sender appears to be from your own email address or upenn.edu
- Event includes suspicious attachments (Word documents, PDFs)
- Creates false urgency with "action required" language
- May reference HR, payroll, or other business-critical topics
- Examples:
  - Subject: "Penno365 Please complete without delay - Employee ID-[number]"
  - Calendar Event: "Final Notice: Payroll Acknowledgment Required"
  - Attachment: Word documents with names like "Penno365-HR-package.docx"
  - Sender: Spoofed to appear from your own email address
How It Works:
- Phishing email contains a calendar invitation (.ics file)
- When the email is received, the calendar event automatically appears in your Outlook calendar
- Event includes malicious attachments or links
- Creates false legitimacy through calendar integration
- Uses social engineering to prompt immediate action
IF YOU RECEIVE A SUSPICIOUS CALENDAR INVITATION:
- DO NOT OPEN any attachments
- DO NOT click any links in the calendar event
- Send the meeting info (sender, subject, body) to ithelp@design.upenn.edu
- DELETE the meeting from your calendar
If you have any questions, please contact ithelp@design.upenn.edu or stop by the helpdesk in Meyerson 325.
Thank you,
Weitzman IT Services
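
For staff who triage reported messages, the indicators listed under "What It Looks Like" and "How It Works" can be checked mechanically against a saved raw message. The following is an added example, not part of the original notice or any Penn tooling; the function names, the keyword list and the example.edu sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Phrases from the advisory's examples (assumed list; extend for your environment).
URGENCY = ("final notice", "action required", "without delay", "payroll")
DOC_EXTS = (".doc", ".docx", ".pdf")

def triage_invite(raw: str) -> list[str]:
    """Return which of the advisory's indicators appear in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    parts = list(msg.walk())
    ics = [p for p in parts if p.get_content_type() == "text/calendar"
           or (p.get_filename() or "").lower().endswith(".ics")]
    if not ics:
        return []  # not a calendar invitation, nothing to check
    findings = ["calendar-invite"]
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender and sender == parseaddr(str(msg.get("To", "")))[1].lower():
        findings.append("sender-equals-recipient")
    text = str(msg.get("Subject", ""))
    for p in ics:
        body = (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for line in re.sub(r"\r?\n[ \t]", "", body).splitlines():  # unfold lines
            name, _, value = line.partition(":")
            prop = name.split(";", 1)[0].upper()  # drop property parameters
            if prop == "SUMMARY":
                text += " " + value
            elif prop == "ATTACH":
                findings.append("ics-attach-property")
    hits = [k for k in URGENCY if k in text.lower()]
    if hits:
        findings.append("urgency:" + ",".join(hits))
    for p in parts:
        name = (p.get_filename() or "").lower()
        if name.endswith(DOC_EXTS):
            findings.append("document-attachment:" + name)
    return findings

def build_sample() -> str:
    # Constructed message (not a captured one), modelled on the advisory's examples.
    m = EmailMessage()
    m["From"] = m["To"] = "user@example.edu"
    m["Subject"] = "Final Notice: Payroll Acknowledgment Required"
    m.set_content("BEGIN:VCALENDAR\nBEGIN:VEVENT\nSUMMARY:Action required - "
                  "Employee ID-0000\nEND:VEVENT\nEND:VCALENDAR\n", subtype="calendar")
    m.add_attachment(b"PK", maintype="application", subtype="octet-stream",
                     filename="Penno365-HR-package.docx")
    return m.as_string()
```

The findings are indicators for a human reviewer, not a verdict: legitimate invitations can also carry attachments or urgent wording.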