Phishing Campaign Targets Ad Manager Accounts via Fake Calendly Invites
Summary
Hide ▲
Show ▼
A sophisticated phishing campaign impersonates top brands like Unilever, Disney, and MasterCard using fake Calendly invites to steal Google Workspace and Facebook Business account credentials. The campaign, discovered by Push Security, targets ad manager accounts to launch malvertising, AiTM phishing, and malware distribution campaigns. Access to these accounts allows threat actors to execute geo-targeted attacks and potentially resell compromised accounts for monetization. The phishing emails, crafted using AI tools, impersonate legitimate recruiters and direct victims to fake Calendly landing pages with CAPTCHA and AiTM phishing pages. The campaign employs anti-analysis mechanisms and Browser-in-the-Browser (BitB) attacks to enhance its effectiveness. Push Security identified 31 unique URLs and additional variants targeting both Google and Facebook credentials. Simultaneously, a malvertising campaign targets Google Ads Manager accounts through malicious sponsored ads.
Timeline
-
02.12.2025 16:00 1 articles · 23h ago
Phishing Campaign Targets Ad Manager Accounts via Fake Calendly Invites
A sophisticated phishing campaign impersonates top brands like Unilever, Disney, and MasterCard using fake Calendly invites to steal Google Workspace and Facebook Business account credentials. The campaign, discovered by Push Security, targets ad manager accounts to launch malvertising, AiTM phishing, and malware distribution campaigns. Access to these accounts allows threat actors to execute geo-targeted attacks and potentially resell compromised accounts for monetization. The phishing emails, crafted using AI tools, impersonate legitimate recruiters and direct victims to fake Calendly landing pages with CAPTCHA and AiTM phishing pages. The campaign employs anti-analysis mechanisms and Browser-in-the-Browser (BitB) attacks to enhance its effectiveness. Push Security identified 31 unique URLs and additional variants targeting both Google and Facebook credentials. Simultaneously, a malvertising campaign targets Google Ads Manager accounts through malicious sponsored ads.
Show sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
Information Snippets
-
The phishing campaign impersonates over 75 brands, including LVMH, Lego, Mastercard, and Uber.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
-
The campaign uses fake Calendly invites to direct victims to phishing pages that steal Google Workspace and Facebook Business credentials.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
-
Access to marketing accounts enables threat actors to launch malvertising campaigns, AiTM phishing, and malware distribution.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
-
The phishing pages include anti-analysis mechanisms such as blocking VPN and proxy traffic and preventing the use of developer tools.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
-
Push Security identified 31 unique URLs and additional variants targeting both Google and Facebook credentials.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00
-
A simultaneous malvertising campaign targets Google Ads Manager accounts through malicious sponsored ads.
First reported: 02.12.2025 16:001 source, 1 articleShow sources
- Fake Calendly invites spoof top brands to hijack ad manager accounts — www.bleepingcomputer.com — 02.12.2025 16:00