Phishers now using .ics files to deliver spam/junk/phish garbage

This is a tactic I haven’t seen before. It sends the content of the typical phishing email to users via an .ics file, so if/when they open it, it adds it to their calendar in Outlook or other compatible programs and puts the text payload in the description of the event.

Phishers using .ics file attachments now to bypass spam filters

This might make it necessary to just block .ics attachments at the server-level. If all the content is in the .ics attachment in email, then Spamassassin and other checks might just leave it along. Ugh.

Leave a comment or reply