Once the victim clicks the link, they are taken to a fake Calendly landing page that presents a CAPTCHA, followed by an AiTM phishing page that attempts to steal visitors’ Google Workspace login sessions.
How is the phishing page able to steal the Google Workspace session? or do they mean it presents a fake login form to get username/password?
at a guess I assume they request a local to them session using the response from you. so you don’t go into google workspace they do but they should theoretically not have the credentials and once logged out should not be able to get back in. Im completely guessing here though. I was wondering why anyone would click on a calendarly invite for something that was not setup with some convo though.
How is the phishing page able to steal the Google Workspace session? or do they mean it presents a fake login form to get username/password?
at a guess I assume they request a local to them session using the response from you. so you don’t go into google workspace they do but they should theoretically not have the credentials and once logged out should not be able to get back in. Im completely guessing here though. I was wondering why anyone would click on a calendarly invite for something that was not setup with some convo though.