November 3, 2025

Sublime’s Attack Spotlight series is designed to keep you informed of the email threat landscape by showing you real, in-the-wild attack samples, describing adversary tactics and techniques, and explaining how they’re detected. Get a live demo to see how Sublime prevents these attacks.
EMAIL PROVIDER: Microsoft 365, Google Workspace
ATTACK TYPE: ICS phishing
Over the past few weeks, we have observed a significant increase in phishing attacks that leverage calendar invitations (.ics attachments) to evade security solutions. What makes these attacks unique is that, depending on the settings of the target’s calendar, even if the email message is automatically quarantined by an email security solution, the calendar entry often remains on the target’s calendar. We call this technique ICS phishing.
To prevent this new type of attack, we’ve released new ICS phishing functionality that removes malicious calendar invites from calendars just like we remove malicious emails from inboxes. More on that later.
ICS phishing takes advantage of functionality provided by Google Workspace and Microsoft 365 to automatically add invitations to calendars. In the case of Microsoft 365, it will also bring attachments from the email into the invitation. This gives attackers two payload delivery methods: the email itself and the calendar entry. We’ll look at a few examples below.
ICS phishing doubles the chance of attack success by putting both an email in the target’s inbox and a meeting on their calendar. In fact, calendar invites are still created even if the email message gets blocked by a secure email gateway or is sent to the Junk folder by an API email security solution. This creates a security gap, as removal of malicious calendar entries is not a common feature in email security solutions.
Sublime now supports automatic deletion of malicious or unwanted calendar events during message remediation. When a message is sent to quarantine, spam, or trash, Sublime will also delete corresponding events from Calendar – no setup required.

We’ll look at a few examples of ICS phishing, one with callback information in the body of the invitation and the others with various attached payloads.
This first message shows service abuse of FreeConferenceCall[.]com. In this attack, the threat actor has included specific instructions in the body of the message telling the target not to use the legitimate conference call automatically generated by Free Conference Call and instead to call the phone number given in the message body. This is a common technique for delivering malicious instructions through a trusted service.

What makes this one notable is the .ics file that Free Conference Call attached automatically. The meeting it puts on the target’s calendar contains exactly the same phishing information, so even if the message is deleted, the attack continues.

In this next example, the financial-themed attack email contained a meeting invite, an attached PDF, and no body copy. When the meeting was automatically added to the target’s calendar, the PDF was automatically attached.

If the target opens the attached PDF, they are presented with a QR code that leads them to a credential phishing page.

With the exception of the meeting invitation delivery technique, all of the other tactics for evading detection (malicious QR code, Docusign impersonation, etc.) and driving interaction (financial gain, urgency, etc.) are standard for phishing attacks.
This last example features a malicious attached HTML file that was created with a phishing kit. The attack starts with a mostly empty message that contains a boilerplate confidentiality notice, a meeting invitation, and an attached HTML file. The message lets the target know that a domain they own is about to expire and they need to act urgently to prevent that.

The calendar entry that gets created in this case reinforces the potential impact by spanning the entire week of the outage.

The meeting has the same confidentiality notice and attached HTML file. That file is the malicious credential phishing payload. Interestingly, the meeting also lists fictional additional invitees (Administrator, IT Support Desk, and Finance) to increase the sense of urgency.

If the target launches the HTML file, they are first taken to a fake Microsoft Domain Services splash page (since this message was about domain expiry). This is the phishing kit in use. Rather than sending the target to a conventional hosted phishing site, the kit renders that page from within the target’s /temp directory; all of the page’s behaviour comes from JavaScript inside the HTML file.

Then they finally land on a credential phishing page that impersonates a Microsoft-powered GoDaddy login page.
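The invitation-level traits that recur across the three examples above (a callback number competing with the service dial-in, a payload carried inside the event, a span covering the whole "outage" week, and invitees named after internal roles) can be surfaced by parsing the .ics itself. As an added example that is not part of the original post and is not Sublime's detection logic, the following Python script unfolds a constructed .ics and flags those traits; the sample values, the role-name list, the attachment-type list and the UTC-only date handling are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (not a real capture) combining traits of the three cases above.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST", "BEGIN:VEVENT",
    "UID:constructed-001@example.invalid",
    "ORGANIZER;CN=Domain Services:mailto:billing@example.invalid",
    "ATTENDEE;CN=Administrator:mailto:administrator@example.invalid",
    "ATTENDEE;CN=IT Support Desk:mailto:it-support@example.invalid",
    "ATTENDEE;CN=Finance:mailto:finance@example.invalid",
    "DTSTART:20251103T080000Z", "DTEND:20251107T170000Z",
    "SUMMARY:URGENT: domain expiring",
    "DESCRIPTION:Do not use the dial-in generated by the conference servic",
    " e. Call +1 555 010 0199 immediately to keep your domain active.",
    "ATTACH;FMTTYPE=text/html;X-FILENAME=renew.html;ENCODING=BASE64;VALUE=BINARY:PGh0bWw+",
    "END:VEVENT", "END:VCALENDAR",
])
PHONE_RE = re.compile(r"\+?\d[\d ().-]{7,}\d")
ROLE_NAMES = {"administrator", "it support desk", "finance", "help desk"}  # assumed list
RISKY_TYPES, RISKY_EXT = {"text/html", "application/pdf"}, (".html", ".htm", ".pdf")
ts = lambda v: datetime.strptime(v, "%Y%m%dT%H%M%SZ")  # UTC basic form only (assumption)

def parse_ics(text):
    """Unfold RFC 5545 continuation lines; return (name, params, value) for the first VEVENT."""
    unfolded = re.sub(r"\r?\n[ \t]", "", text)
    event = unfolded.split("BEGIN:VEVENT", 1)[-1].split("END:VEVENT", 1)[0]
    props = []
    for line in filter(None, event.splitlines()):
        head, _, value = line.partition(":")  # assumes no ':' inside parameter values
        name, *raw = head.split(";")
        props.append((name.upper(), dict(p.split("=", 1) for p in raw if "=" in p), value))
    return props

def ics_signals(text):
    """Invitation-level signals drawn from the three cases above, in a fixed order."""
    props = parse_ics(text)
    get = lambda n: [(p, v) for name, p, v in props if name == n]
    body = " ".join(v for _, v in get("DESCRIPTION") + get("SUMMARY"))
    signals = []
    if PHONE_RE.search(body):  # callback number outlives removal of the email itself
        signals.append("callback_phone_in_body")
    if any(p.get("FMTTYPE", "").lower() in RISKY_TYPES or
           p.get("X-FILENAME", "").lower().endswith(RISKY_EXT) for p, _ in get("ATTACH")):
        signals.append("payload_attached_to_event")  # payload rides along into the calendar
    start, end = get("DTSTART"), get("DTEND")
    if start and end and ts(end[0][1]) - ts(start[0][1]) > timedelta(days=1):
        signals.append("multi_day_event")  # entry blocks the whole week of the "outage"
    if sum(p.get("CN", "").lower() in ROLE_NAMES for p, _ in get("ATTENDEE")) >= 2:
        signals.append("generic_role_attendees")  # fabricated internal-sounding invitees
    return signals
```

Running `ics_signals(SAMPLE_ICS)` returns all four signals for the constructed invite and an empty list for an ordinary half-hour meeting.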

Sublime's AI-powered detection engine prevented the above attacks, keeping them out of inboxes and off of calendars. Here are some of the top signals from the attacks:
ASA, Sublime’s Autonomous Security Analyst, flagged these emails as malicious. Here is ASA’s analysis summary for the Free Conference Call example:

Depending on how email clients are configured, attackers may be able to add meetings to calendars without sending an email. To prevent these “silent” invitations, you can change the following org-wide settings:
In Google Workspace Admin Console, go to Apps → Google Workspace → Calendar → Advanced settings. Set Add invitations to my calendar to “Invitations from known senders” or “Invitations users have responded to via email”.
Use PowerShell commands to set AutomateProcessing to None. This stops the “Calendar Attendant” from automatically processing invites.
ICS phishing is novel and on the rise – and it presents a unique challenge to email security solutions due to its two-pronged approach. To see how Sublime can keep these attacks out of your inboxes and off of calendars, get an expert demo today. To hear more about ICS phishing, listen to Sublime CEO and Co-Founder Josh Kamdjou's appearance on the Risky Business News Podcast.
If you enjoyed this Attack Spotlight, be sure to check our blog every week for new blogs, subscribe to our RSS feed, or sign up for our monthly newsletter. Our newsletter covers the latest blogs, detections, product updates, and more.