Fake Microsoft Teams Meeting Invite Used to Deploy Malicious OAuth App
Attackers impersonated Microsoft Teams meeting invites to trick users into authorizing a malicious OAuth app, granting persistent access to Microsoft 365 data.
November 13, 2025

Meeting invites are among the most trusted messages in a corporate inbox. They’re part of the background noise of modern work—routine, ordinary, and rarely questioned. But that familiarity has turned them into an ideal delivery vehicle for a new class of phishing attacks.
Abnormal AI recently observed a new phishing campaign in which threat actors do more than steal login credentials: they trick users into authorizing a malicious OAuth application, granting persistent access to Microsoft 365 data. Disguised as legitimate Teams invitations, the emails contain links that redirect targets to a fake Microsoft login page hosted on a compromised Azure Web App domain.
By combining user trust with OAuth abuse, attackers can compromise cloud identities and keep their access long after passwords are changed.
Breaking Down the Microsoft Teams OAuth Phishing Attack
The campaign involves messages crafted to mimic Microsoft’s standard meeting notifications. The threat actor used a spoofed meeting reminder with the subject line “[EXTERNAL] Reminder of Scheduled Meeting.”
The email purports to come from “Teams HR Customer” but is actually sent from the external address frassionotobatt20@gmx[.]de, hosted by GMX Mail in Germany. GMX is a free consumer email service that lets a single account present up to ten different sender addresses as aliases, so attackers can rotate identities without setting up new infrastructure. GMX’s own documentation states that “you can create up to 10 email addresses” and that any alias can be selected as the visible “From” address.
Despite originating from that external address, the messages are delivered successfully to corporate inboxes after passing SPF, DKIM, and DMARC validation. The checks pass because the mail is genuinely sent through GMX’s infrastructure for a real gmx.de address; only the display name is spoofed, and none of the three protocols validates the display name. That unusual level of technical legitimacy helped the email bypass common security filters.

The message contains a convincing Teams-branded layout, including:
A large “Join the meeting now” call-to-action link
A Meeting ID and Passcode section
A fake “Organizer” section styled to mirror authentic Teams invites
The join link itself, however, does not open a meeting. The URL chain starts at a legitimate Microsoft login endpoint, which increases perceived authenticity, and then redirects to a compromised Azure Web App (pkpkpkpk-n8-7c271a.azurewebsites[.]net). That app presents an OAuth authorization request asking for permissions to the target’s Microsoft account.
Once a target clicks “Join the meeting”, they are taken to a Microsoft-branded OAuth consent page prompting them to authorize an unverified application titled “Please Confirm Attendance – Meeting Request.” This fake application requests permissions to:
Sign in and read your profile
Maintain access to data you have given it access to
(Optionally) Consent on behalf of your organization

Once the user consents, the attacker gains persistent access to the victim’s Microsoft account and email data: they can read mailboxes, impersonate the user for lateral phishing, and exfiltrate data, even if the user later changes their password.
By obtaining OAuth tokens instead of credentials, attackers bypass MFA protections entirely and gain long-term persistence through legitimate API access. MFA is satisfied during the victim’s own sign-in, before the consent prompt appears, so the tokens issued to the application are obtained through a fully authenticated session. This makes the technique one of the more dangerous and stealthy forms of modern phishing.
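As an added example (not code from the post or from Abnormal), the following Python triage helper takes a link of the kind embedded in such an email and, if it is a Microsoft identity platform authorization request, decodes the requested scopes into the wording the consent page shows and raises the flags a defender would act on. It assumes the consent link uses the standard v2.0 authorize endpoint parameters (client_id, scope, redirect_uri, prompt); the post does not reproduce the actual URL, so the sample link, its client_id and the allowlist are constructed, with the redirect host taken from the Azure Web App named above.

```python
"""Triage helper for OAuth consent links (added example, not from the post)."""
from urllib.parse import urlparse, parse_qs

# Delegated scopes -> wording Microsoft shows on the consent page. The first
# four rows are standard identity-platform scopes; the mailbox rows are Graph scopes.
SCOPE_TEXT = {
    "openid": "Sign in and read your profile",
    "profile": "Sign in and read your profile",
    "User.Read": "Sign in and read your profile",
    "offline_access": "Maintain access to data you have given it access to",
    "Mail.Read": "Read your mail",
    "Mail.ReadWrite": "Read and write access to your mail",
    "Mail.Send": "Send mail as you",
}
# "Consent on behalf of your organization" is an admin-consent checkbox shown to
# users who hold admin roles; it is not a scope carried in the URL.

MICROSOFT_AUTHORIZE_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Redirect hosts the tenant has deliberately sanctioned (constructed allowlist).
SANCTIONED_REDIRECT_HOSTS = {"app.corp.example.com"}

# Constructed sample link: client_id is a placeholder; the redirect host is the
# Azure Web App named in the post.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fpkpkpkpk-n8-7c271a.azurewebsites.net%2Fcallback"
    "&scope=openid%20profile%20User.Read%20offline_access"
    "&prompt=consent"
)


def analyze_consent_link(url: str) -> dict:
    """Return the decoded request plus risk flags; non-OAuth links get no flags."""
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)

    def first(key: str) -> str:
        return qs.get(key, [""])[0]

    scopes = first("scope").split()
    redirect_host = (urlparse(first("redirect_uri")).hostname or "").lower()

    flags = []
    if parsed.hostname in MICROSOFT_AUTHORIZE_HOSTS and parsed.path.endswith("/authorize"):
        flags.append("consent_request")  # an authorization request, not a meeting join
    if "offline_access" in scopes:
        flags.append("persistent_access")  # refresh token: access outlives the session
    if redirect_host.endswith(".azurewebsites.net") and redirect_host not in SANCTIONED_REDIRECT_HOSTS:
        flags.append("unsanctioned_azurewebsites_redirect")
    if first("prompt") == "consent":
        flags.append("forced_consent_prompt")  # always renders the consent screen

    return {
        "client_id": first("client_id"),
        "redirect_host": redirect_host,
        "scopes": scopes,
        "consent_text": sorted({SCOPE_TEXT.get(s, s) for s in scopes}),
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in analyze_consent_link(SAMPLE_LINK).items():
        print(f"{key}: {value}")
```

Run against the sample link, the helper reports all four flags; a genuine Teams join link (teams.microsoft.com) produces none, and a legitimate consent request to a sanctioned redirect host without offline_access reports only consent_request, which is the distinction a mail-security pipeline can act on before the user ever sees the consent screen.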
What Makes This Attack Unique
While phishing via Microsoft meeting invites is not especially new, this campaign combines several trust factors that make it unusually effective. Employees have been conditioned to respond quickly to calendar-related notifications, and the meeting context introduces a false sense of legitimacy and urgency. This is a form of contextual social engineering, where the pretext (joining a meeting) aligns perfectly with common daily workflows.
Including a meeting ID, passcode, and organizer details, along with the impersonated Microsoft branding, further enhances credibility. The combination of a calendar invite and HTML body also ensures visibility across multiple clients—e.g., Outlook desktop, web, and mobile.
Additionally, the attacker’s use of Microsoft’s OAuth authorization endpoint at the beginning of the redirect chain adds a critical layer of plausibility. Because users are accustomed to seeing familiar Microsoft URLs before sign-in, they are less likely to question the legitimacy of the consent prompt. This not only makes the email appear trustworthy but also allows it to evade traditional credential phishing defenses.
Why This Attack Is Difficult to Detect
Over the past several months, calendar invite abuse has surged in popularity among attackers. Malicious .ics attachments or embedded meeting requests persist in users’ calendars even after the original phishing email has been deleted or quarantined, giving the attacker continued visibility and repeated opportunities for interaction. This persistence makes calendar-based attacks particularly effective, and particularly difficult to remediate with legacy email controls alone.
Because OAuth consent grants operate within Microsoft’s own authentication ecosystem, traditional email filters and sandboxing tools have no visibility into the actual authorization process. Even advanced secure email gateways (SEGs) typically stop their inspection at the message layer, so the malicious behavior, token issuance and permission abuse, occurs entirely outside their purview. Discerning malicious intent in this context requires behavioral understanding and contextual intelligence that static filters cannot provide.
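The persistence described above is easier to handle when responders can pull the event identity and the embedded links straight out of the invite. The following Python parser is an added example, not code from the post or Abnormal’s product: it unfolds an iCalendar (.ics) body, extracts the UID a remediation tool would search for, the organizer, and every URL in the invite (including hosts hidden inside percent-encoded redirect parameters), and flags hosts under azurewebsites.net. The invite is a constructed sample in the style of the lure, with placeholder addresses and UID; the redirect host is the one reported in the post.

```python
"""Parse a calendar invite (.ics) for responder triage (added example)."""
import re
from urllib.parse import unquote

# Constructed sample invite in the style of the lure; addresses and UID are
# placeholders. Long lines are folded as RFC 5545 requires (continuation lines
# begin with a space), which is exactly what a naive grep for URLs would miss.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-uid-0001@example.invalid\r\n"
    "ORGANIZER;CN=Teams HR Customer:mailto:sender@example.invalid\r\n"
    "SUMMARY:Reminder of Scheduled Meeting\r\n"
    "DESCRIPTION:Join the meeting now\\n https://login.microsoftonline.com/common/oauth2/v2.0/author\r\n"
    " ize?client_id=00000000-0000-0000-0000-000000000000&redirect_uri=https%3A%2F%2F\r\n"
    " pkpkpkpk-n8-7c271a.azurewebsites.net%2Fcb\\nMeeting ID: 123 456 789\\nPasscode: abc\r\n"
    "LOCATION:Microsoft Teams Meeting\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

TEXT_ESCAPES = {"\\n": "\n", "\\N": "\n", "\\,": ",", "\\;": ";", "\\\\": "\\"}
URL_RE = re.compile(r"https?://[^\s\"<>]+")
HOST_RE = re.compile(r"https?://([^/?#&\s]+)")


def unfold(ics: str) -> list:
    """Join folded lines: a line starting with SPACE or HTAB continues the previous one."""
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()


def unescape_text(value: str) -> str:
    """Undo iCalendar TEXT escaping (\\n, \\, \\; and \\\\)."""
    return re.sub(r"\\[nN,;\\]", lambda m: TEXT_ESCAPES[m.group(0)], value)


def parse_invite(ics: str) -> dict:
    """Extract the fields a responder needs to locate the event and vet its links."""
    props = {}
    for line in unfold(ics):
        if ":" not in line:
            continue
        name_params, _, value = line.partition(":")
        name, _, params = name_params.partition(";")
        props.setdefault(name.upper(), []).append((params, value))

    def first(name: str):
        entries = props.get(name)
        return entries[0] if entries else ("", "")

    org_params, org_value = first("ORGANIZER")
    cn = re.search(r'CN="?([^";]*)"?', org_params)

    urls = []
    for field in ("DESCRIPTION", "LOCATION", "URL"):
        urls.extend(URL_RE.findall(unescape_text(first(field)[1])))
    # Hosts seen directly plus any nested inside percent-encoded parameters (redirect_uri).
    hosts = set()
    for url in urls:
        hosts.update(h.lower() for h in HOST_RE.findall(unquote(url)))

    return {
        "uid": first("UID")[1],
        "method": first("METHOD")[1],
        "summary": unescape_text(first("SUMMARY")[1]),
        "organizer_name": cn.group(1) if cn else "",
        "organizer": re.sub(r"^mailto:", "", org_value, flags=re.I),
        "urls": urls,
        "hosts": sorted(hosts),
        "suspicious_hosts": sorted(h for h in hosts if h.endswith(".azurewebsites.net")),
    }


if __name__ == "__main__":
    for key, value in parse_invite(SAMPLE_ICS).items():
        print(f"{key}: {value}")
```

The UID is the value to pivot on when hunting for the event across mailboxes after the email itself is gone; the organizer name versus address pair exposes the same display-name mismatch seen in the email headers.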
Attackers also benefit from the “authorized app blind spot”: once a user grants consent, the malicious app’s activities appear legitimate in audit logs. Without continuous visibility into OAuth permissions and token activity, organizations may remain unaware of the compromise for weeks or months.
Stopping Microsoft Teams Phishing Attacks
To defend against these attacks, organizations should:
Block and report emails containing links to *.azurewebsites[.]net domains not sanctioned by your organization.
Educate users to carefully inspect OAuth consent prompts, especially when applications are marked unverified or not published by the organization.
Regularly audit third-party OAuth app permissions via security posture management tools.
Enforce multi-factor authentication (MFA), but recognize that OAuth-based attacks can bypass it.
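To make the audit in the third recommendation concrete, here is an added Python example (not Abnormal’s tooling and not code from the post) that triages consent grants exported from Microsoft Graph. The record shapes follow the Graph servicePrincipals and oauth2PermissionGrants resources (appId, displayName, verifiedPublisher, appOwnerOrganizationId, createdDateTime, clientId, consentType, principalId, scope); the tenant id, app records and grants are constructed sample data, with one record modelled on the lure app described above.

```python
"""Triage of consented OAuth apps from Microsoft Graph records (added example)."""
from datetime import datetime, timezone

PERSISTENCE_SCOPE = "offline_access"
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}
RECENT_DAYS = 30

# Constructed sample data. Shapes follow Graph servicePrincipals and
# oauth2PermissionGrants; every id below is a placeholder.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
SERVICE_PRINCIPALS = [
    {
        "id": "sp-lure",
        "appId": "aaaaaaaa-0000-0000-0000-000000000001",
        "displayName": "Please Confirm Attendance - Meeting Request",
        "verifiedPublisher": {"displayName": None},
        "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
        "createdDateTime": "2025-11-10T09:12:00Z",
    },
    {
        "id": "sp-expense",
        "appId": "bbbbbbbb-0000-0000-0000-000000000002",
        "displayName": "Contoso Expense Portal",
        "verifiedPublisher": {"displayName": "Contoso Ltd"},
        "appOwnerOrganizationId": HOME_TENANT,
        "createdDateTime": "2024-03-02T10:00:00Z",
    },
]
GRANTS = [
    {"clientId": "sp-lure", "consentType": "Principal", "principalId": "user-42",
     "scope": "openid profile User.Read offline_access Mail.Read"},
    {"clientId": "sp-expense", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read"},
]


def _parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage_grants(service_principals, grants, home_tenant, now=None):
    """Score every grant by its number of risk indicators and return the riskiest first.

    `now` is an ISO-8601 timestamp string (defaults to the current UTC time).
    """
    now_dt = _parse_ts(now) if now else datetime.now(timezone.utc)
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = sp_by_id.get(grant["clientId"])
        if sp is None:
            continue
        scopes = set(grant.get("scope", "").split())
        reasons = []
        unverified = not (sp.get("verifiedPublisher") or {}).get("displayName")
        if unverified:
            reasons.append("publisher not verified")
        if sp.get("appOwnerOrganizationId") != home_tenant:
            reasons.append("app registered in an external tenant")
        if PERSISTENCE_SCOPE in scopes:
            reasons.append("offline_access: app holds a refresh token")
        if scopes & MAIL_SCOPES:
            reasons.append("mailbox access: " + ", ".join(sorted(scopes & MAIL_SCOPES)))
        if grant.get("consentType") == "AllPrincipals" and unverified:
            reasons.append("org-wide consent granted to an unverified app")
        if (now_dt - _parse_ts(sp["createdDateTime"])).days <= RECENT_DAYS:
            reasons.append(f"service principal created within {RECENT_DAYS} days")
        if reasons:
            findings.append({
                "app": sp["displayName"],
                "appId": sp["appId"],
                "consent": grant["consentType"],
                "principal": grant.get("principalId"),
                "score": len(reasons),
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in triage_grants(SERVICE_PRINCIPALS, GRANTS, HOME_TENANT):
        print(f"[{finding['score']}] {finding['app']} ({finding['consent']}, {finding['principal']})")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

The combination that matters most here is an unverified, externally registered app holding offline_access: that is the profile of the lure described in this post, and it is the grant to revoke first, since a password reset alone does not touch the consent record.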
Additionally, as attackers increasingly weaponize calendar invitations, organizations require tools capable of detecting and removing malicious calendar entries. To address this, Abnormal recently introduced Calendar Invite Remediation, which automatically and precisely removes malicious or unwanted events associated with remediated emails.
Outlook can automatically add calendar events from .ics attachments or embedded invites when a message is delivered, and those events may remain on user calendars even after the phishing email is removed. This capability extends Abnormal’s detection and response to the calendar, ensuring those events are removed safely while legitimate meetings remain untouched.
PowerShell permissions enable that precision, allowing Abnormal to restore legitimate events when needed while maintaining full visibility for administrators. The result is protection that’s both intelligent and dependable, giving organizations confidence that every meeting on the calendar belongs there.
Defending Cloud Identities from Persistent Threats
Ultimately, this campaign underscores how phishing has evolved, moving from credential theft to identity compromise through trusted cloud services. By combining OAuth abuse, Microsoft infrastructure, and persistent calendar-based lures, attackers are creating sophisticated threats that evade standard controls and exploit user trust.
AI-driven detection excels here because it identifies the subtle behavioral and contextual anomalies that indicate compromise. Abnormal inspects sender identity, communication intent, and message content to detect and block these threats before delivery, eliminating opportunities for employees to engage and put the organization at risk.
For additional insight into the threat landscape and more step-by-step attack breakdowns, visit our threat intelligence data and research hub, Abnormal Intelligence.