Phishing is usually seen as a threat delivered via email, text messages, social media, and other messaging platforms. Since many phishing attacks arrive by email, email is often the focus of employee awareness training, and employees know to be on their guard when they receive a message that looks suspicious.
However, other platforms and mobile applications are also capable of delivering malicious links or attachments carrying malware. With security efforts focused on email and messaging platforms, cyber threat actors have expanded their techniques to take advantage of platforms where targets are less on their guard, such as the iPhone Calendar app.
The iPhone Calendar app is automatically installed on all Apple devices. The purpose of the app is to allow iPhone users to schedule meetings and track other events in a single, convenient place. With support for reminders, the Calendar app helps to ensure that users don’t miss an event that they may have forgotten about or not been directly informed of.
Calendar apps like the one installed on iPhones allow third parties to place events on a person’s calendar. During the pandemic, people became accustomed to receiving and accepting invites for online business meetings, visits with friends, and more. These meetings commonly include a link to a videoconferencing application (Zoom, Google Meet, etc.) that a user can click to join the meeting.
Scammers have begun using the Calendar app in their phishing attacks, inviting iPhone users to meetings or events. These events may contain a malicious link or include an attachment with malicious content. If the user clicks on the link or opens the attachment, it may install malware on their device or attempt to steal login credentials and other sensitive information.
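To make the risk above concrete for defenders, here is an added example (not from the original article or any Check Point product) that triages calendar invites: it parses events in the standard iCalendar (.ics, RFC 5545) format and flags those from organizers outside a known-contacts allowlist that carry links or attachments. The function names, the allowlist and the sample invite are assumptions constructed for illustration.

```python
import re

# Constructed sample feed; every name, address and URL here is made up.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Weekly sync\r\n"
    "ORGANIZER;CN=Alice:mailto:alice@corp.example\r\n"
    "DESCRIPTION:Join at https://meet.corp.example/weekly\r\n"
    "END:VEVENT\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Prize claim - action required\r\n"
    "ORGANIZER:mailto:promo@unknown.example\r\n"
    "DESCRIPTION:Tap to claim: https://fix-phone.unknown.exam\r\n"
    " ple/scan\r\n"  # folded continuation line
    "ATTACH:https://files.unknown.example/cleaner.zip\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

# NAME[;param=value...]:VALUE, tolerating colons inside quoted parameter values.
PROP = re.compile(r'^([A-Za-z0-9-]+)((?:;[^=;:]+=(?:"[^"]*"|[^";:])*)*):(.*)$')
URL = re.compile(r'https?://[^\s<>"\\]+', re.I)

def parse_events(ics_text):
    """Return one {PROPERTY: [values]} dict per VEVENT."""
    # RFC 5545 folding: a line break followed by one space or tab continues the line.
    unfolded = re.sub(r'\r?\n[ \t]', '', ics_text)
    events, current = [], None
    for m in filter(None, map(PROP.match, unfolded.splitlines())):
        name, value = m.group(1).upper(), m.group(3)
        if name == "BEGIN" and value.upper() == "VEVENT":
            current = {}
        elif name == "END" and value.upper() == "VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None:
            current.setdefault(name, []).append(value)
    return events

def flag_suspicious(ics_text, known_organizers):
    """Flag events from unknown organizers that carry links or attachments."""
    findings = []
    for ev in parse_events(ics_text):
        organizer = re.sub(r'^mailto:', '', ev.get("ORGANIZER", [""])[0], flags=re.I).lower()
        links = [u for p in ("DESCRIPTION", "LOCATION", "URL", "ATTACH")
                 for v in ev.get(p, []) for u in URL.findall(v)]
        if organizer not in known_organizers and (links or "ATTACH" in ev):
            findings.append({"summary": ev.get("SUMMARY", [""])[0], "organizer": organizer,
                             "links": links, "has_attachment": "ATTACH" in ev})
    return findings
```

Calling `flag_suspicious(SAMPLE_ICS, {"alice@corp.example"})` reports only the second event; an event with no ORGANIZER at all is treated as coming from an unknown sender.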
The iPhone Calendar app is an ideal vector for phishing attacks. Some of the advantages of iPhone Calendar spam for attackers include:
iPhone Calendar spam is simply another way to carry out phishing attacks that attempt to evade an organization’s anti-phishing defenses and catch users off guard. Some ways in which organizations and employees can improve their mobile security and protect against these attacks include:
The objective of iPhone Calendar spam is to trick users into installing malware on their devices or revealing sensitive information. This may include clicking on a malicious link, opening an attachment, or downloading and running software that claims to be a videoconferencing application. Check Point’s Harmony Mobile solution helps to block downloads originating from malicious URLs that may have been delivered to employees’ mobile devices by using iPhone Calendar spam.
iPhone Calendar spam is one of many threats to an organization’s mobile and BYOD devices. Learn more about the mobile threat landscape in Check Point’s Mobile Security Report.
This buyer’s guide to mobile security outlines the key capabilities that a mobile security solution must offer to protect against modern mobile threats. After reading it, sign up for a free trial of Check Point Harmony Mobile to see for yourself how it can protect your organization against iPhone Calendar spam and other mobile threats.