Google Calendar Invite as a TOAD Vehicle: Fake Billing Claim Drives Victims to a Phone Number

TL;DR An attacker created a Google Calendar event from a freshly registered, privacy-protected domain and invited targets with a calendar notification claiming a USD 399.77 transaction had been finalized. The ICS file contained only a reference number and a callback phone number. All links in the notification resolved to legitimate calendar.google.com endpoints. No credential harvesting page, no malicious URL. The attack relied entirely on the recipient calling the phone number to begin a vishing session. DKIM and ARC passed for google.com. SPF for the organizer domain returned none. No verifiable identity behind the sender name.
Severity: Medium
Tags: TOAD, Vishing, Social Engineering
MITRE ATT&CK: T1566.004 (Phishing: Spearphishing Voice); T1656 (Impersonation); T1585.001 (Establish Accounts: Social Media Accounts)

The calendar notification looked routine. An invitation. A reference number. A dollar amount. A transaction had been finalized, the message said, for USD 399.77. The subject line included what appeared to be a case or confirmation number.

There were no links to click. No attachments to open. No login page waiting on the other side of a button. The only actionable element in the entire message was a phone number in the event description.

That was the point.

The ICS File as a Social Engineering Delivery Vehicle

The invite arrived via Google Calendar infrastructure. The notification email originated from 5zwxujtinufp2n5djahoo9f4wq@google[.]com, a Google-generated sender address for calendar notifications. The organizer field listed an address at a freshly registered, privacy-protected domain with no SPF record, no verifiable identity behind the sender name, and no prior history.

The domain had been registered recently through Hosting Concepts B.V. (Registrar.eu) with privacy protection enabled. At the time of delivery, it had been active for only a short period. No web presence. No published SPF record, meaning any SPF evaluation for that domain returns none. No MX records beyond minimums.

This is the anatomy of single-use attacker infrastructure: a domain registered cheaply, used briefly, and abandoned before any investigator arrives.

The ICS event file itself, invite.ics at approximately 1.8KB, was structurally clean. No exploit, no embedded code. The DESCRIPTION field of the calendar event carried the full payload:

  • A billing claim: "Paid: USD 399.77"
  • A customer care phone number: (808)-321-8085

Every link embedded in the Google Calendar notification resolved to calendar.google[.]com endpoints: the standard accept, decline, and view links that appear on every calendar invite. All scanned clean, because they are clean. They go to Google.

Why Google Calendar Authentication Does Not Help Here

DKIM and ARC both passed for google[.]com. That means Google's servers signed the message, and the signature was valid. When email security tools evaluate this message, they see a properly authenticated notification from Google infrastructure.

Authentication validates the sending channel, not the content. Google Calendar sends whatever the event creator puts in the description field. A DKIM pass for google[.]com confirms only that Google's servers generated the notification. It says nothing about the legitimacy of the billing claim, the identity of the organizer, or the intent behind the phone number in the event description.

The organizer domain had SPF=none, which means the organizer's own domain published no sending policy. But the notification email itself was sent by Google, so Google's authentication was what evaluators saw. This is a structural property of calendar invite abuse: the channel authentication belongs to Google, not to the organizer.

Telephone-Oriented Attack Delivery: No Technical Payload Needed

This attack is a social engineering operation. The entire attack chain runs through human behavior, not technical exploitation.

A recipient who sees a $399.77 charge they do not recognize may call the number. That number does not go to a legitimate customer service operation. It goes to an attacker-controlled vishing center. From there, the attack takes whatever shape the operator chooses: extracting payment card data to "reverse the charge," requesting remote access to "investigate the transaction," credential harvesting through a claimed account portal, or simply running a high-pressure social engineering session.

TOAD attacks are especially effective because they defeat the assumption that email security covers all attacker surface area. The email itself is inert by every technical measure. There is no URL to block, no attachment to sandbox, no domain to put on a blocklist. The conversion from potential victim to actual victim happens entirely off-channel, in a phone call that email security tools will never see.

The MITRE framework classifies this pattern under T1566.004 Spearphishing Voice, acknowledging that the phone call is the primary attack vector even when email is the delivery mechanism. The calendar invite format is a delivery optimization: it creates a more prominent notification, lands in the calendar application rather than the inbox, and implies a pre-existing business relationship through the meeting-scheduling context.

Themis, the IRONSCALES Adaptive AI engine, flagged this message based on behavioral signals: a freshly registered organizer domain with no SPF record, a billing claim in the event description, a callback phone number as the sole actionable element, and no verifiable identity behind the sender. The combination maps to the TOAD pattern recognized across the IRONSCALES community threat feed.
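The signal combination above can be approximated with a small triage routine over the ICS body. This is an added example, not IRONSCALES' detection logic and not code from the original article. The organizer address and reference number in the sample are placeholders, the SPF result and domain age are assumed to come from the caller's own DNS/WHOIS enrichment, and the 30-day "new domain" threshold is an assumption.

```python
import re

# Constructed sample shaped like the invite described above. The organizer
# address and reference are placeholders; amount and phone are from the article.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Billing Desk:mailto:billing@organizer.example\r\n"
    "SUMMARY:Transaction finalized REF-000000\r\n"
    "DESCRIPTION:Paid: USD 399.77\\nReference: REF-000000\\nCustomer care:\r\n"
    "  (808)-321-8085\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

MONEY = re.compile(r"(?:USD\s?|\$)\d{1,6}(?:\.\d{2})?", re.I)
PHONE = re.compile(r"\(?\b\d{3}\)?[-.\s]{0,2}\d{3}[-.\s]\d{4}\b")
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)
UNESC = re.compile(r"\\([nN,;\\])")  # RFC 5545 TEXT escapes

def ics_props(ics):
    """Return {NAME: value} for an ICS body; parameters dropped, first value wins."""
    # RFC 5545 3.1: a CRLF followed by one space or tab is a folded continuation.
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)
    props = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            props.setdefault(name.split(";")[0].upper(), value)
    return props

def triage_invite(ics, organizer_spf, domain_age_days, new_domain_days=30):
    """Score an invite on content signals plus caller-supplied DNS/WHOIS enrichment."""
    props = ics_props(ics)
    desc = UNESC.sub(lambda m: "\n" if m[1] in "nN" else m[1], props.get("DESCRIPTION", ""))
    hosts = [h.lower() for h in URL_HOST.findall(desc)]
    signals = {
        "billing_claim": bool(MONEY.search(desc)),
        "callback_phone": bool(PHONE.search(desc)),
        "no_offsite_link": all(h == "calendar.google.com" for h in hosts),
        "organizer_spf_none": organizer_spf == "none",
        "organizer_domain_new": domain_age_days < new_domain_days,
    }
    core = all(signals[k] for k in ("billing_claim", "callback_phone", "no_offsite_link"))
    return {
        "organizer": props.get("ORGANIZER", "").lower().removeprefix("mailto:"),
        "phones": PHONE.findall(desc),
        "signals": signals,
        "toad_suspect": core, "score": sum(signals.values()),
    }
```

The content pattern alone (billing claim, callback number, no off-site link) sets `toad_suspect`; the two enrichment signals only raise the score, since the DKIM pass for google[.]com carries no information about the organizer.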

No Technical Payload Does Not Mean No Risk

Security teams sometimes under-prioritize TOAD alerts because the email itself has no scannable threat. That is the design. The payload is a human operator waiting for a phone call. The conversion rate on a well-crafted TOAD campaign targeting financial anxiety (an unexpected charge) can be significantly higher than a credential phishing link, because the victim is actively engaged in a conversation rather than being asked to click something unfamiliar.

Calendar invite delivery specifically targets the moment when a user is processing their schedule, a context in which they are already primed to take action based on what they read.


Indicators of Compromise

Type | Indicator | Context
Calendar Sender | 5zwxujtinufp2n5djahoo9f4wq@google[.]com | Google Calendar notification sender address
Organizer Domain | scoolsd[.]com | Freshly registered, privacy-protected; no SPF; registered via Hosting Concepts B.V.
Relay IP | 209[.]85[.]220[.]73 | mail-sor-f73.google.com, legitimate Google outbound
Callback Phone | (808)-321-8085 | Attacker-controlled vishing number in ICS DESCRIPTION
Claim Amount | USD 399.77 | Fraudulent billing amount in event description
ICS File | invite.ics | ~1.8KB; structurally clean; malicious content in DESCRIPTION field only
DKIM | Pass for google[.]com | Signing domain is Google, not organizer domain
SPF (organizer) | None | scoolsd[.]com published no SPF record

MITRE ATT&CK Mapping

Technique | ID | Relevance
Phishing: Spearphishing Voice | T1566.004 | Callback phone number as primary attack vector delivered via calendar invite
Impersonation | T1656 | Fake billing claim impersonates a legitimate service provider transaction
Establish Accounts: Social Media Accounts | T1585.001 | Google account creation used to send calendar invitations via legitimate platform

Email Attack of the Day is a daily series from IRONSCALES spotlighting real phishing attacks caught by Adaptive AI and our community of 35,000+ security professionals. Each post breaks down a real attack. What it looked like, why it worked, and what to do about it.
