The Rise of Calendar Invite Abuse: QR Code Campaign Uses Malformed ICS Files to Evade Detection
17 June 2026
By Rikesh Vekaria, Paul Puttonen and the Mimecast Threat Research Team
- Over 4k emails in a quishing campaign embedding malicious QR codes inside deliberately malformed calendar invite attachments
- Attackers violate the RFC 5545 specification to defeat automated QR code extraction and analysis tools
- 43k emails abusing calendar invites within a month
Campaign Overview
Attackers have found a new way to defeat QR code analysis tools: break the file on purpose.
In May 2026, the Mimecast Threat Research team identified a high-volume quishing campaign that embedded malicious QR codes inside calendar invite attachments, and deliberately malformed those attachments to violate RFC 5545 (the iCalendar specification that calendar files are built on, successor to RFC 2445). The result was that automated tools attempting to extract and analyze the QR code failed at the parsing stage, before they could identify anything malicious.
The campaign also showed signs of imperfect automation. The image in each email presented a Microsoft-branded prompt, but its alternate text referenced the recipient organization's own domain, suggesting the attacker's tooling was designed to pull the target's logo dynamically and failed to do so. Sender addresses, subject lines, and message content were rotated throughout, specifically to defeat signature- and reputation-based controls.
May 2026 Malformed ICS Quishing Campaign
Campaign Structure and Delivery
Caption: The calendar invite attachment carried a QR code that, once scanned, routed the recipient through a human verification step before delivering the malicious content.
Caption: This intermediate gate was designed to evade automated analysis and to lend the experience a sense of legitimacy.
Caption: Throughout the campaign, sender addresses, subject themes, and message content varied continuously, making signature-based detection significantly less effective.
Layered Evasion Techniques
The campaign combined multiple evasion tactics to systematically defeat each layer of automated detection:
Trusted origin: Messages were sent from Google mail hosts and passed SPF, DKIM, and DMARC authentication, presenting a clean sending reputation to receiving systems.
Minimal payload: Each email contained only an image and a calendar invite in .ics format, omitting the body text, links, and file attachments that detection engines typically inspect.
Obfuscated attachment: The .ics attachment deliberately violated RFC 5545 (the iCalendar specification, successor to RFC 2445), and its X property lines were filled with randomly generated content specifically designed to cause QR code extraction tools to fail at the parsing stage.
Embedded QR code: A QR code was placed inside the calendar invite, moving the actionable element away from the email body and onto the recipient's mobile device, outside the reach of corporate email filtering and endpoint controls.
Human verification gate: Scanning the QR code routed the recipient through a human verification step before reaching the attacker-controlled destination, frustrating automated crawling and keeping the landing URL hidden from analysis tools.
Dynamic targeting with imperfect execution: The campaign attempted to dynamically insert recipient organization logos into the phishing lure but failed, leaving Microsoft branding in the image while the alt text referenced the target's domain—evidence of sophisticated tooling with implementation gaps.
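The message-level attributes listed above (authenticated sender, image-only body, no links, a .ics attachment, alt text naming the recipient's domain) can be turned into a simple triage heuristic. The following is an added example, not Mimecast code or the campaign's tooling: it builds two constructed messages with Python's standard email library, one modelled on the lure described here and one benign invite, and scores them. Sender and recipient domains, the subject reuse, and the PNG placeholder are all constructed; the risk decision deliberately ignores SPF/DKIM/DMARC results, since the campaign passed all three.

```python
import re
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
ALT_RE = re.compile(r'<img[^>]*\balt="([^"]*)"', re.I)
TAG_RE = re.compile(r"<[^>]+>")

# Constructed placeholder identities; the real campaign rotated senders and subjects
SENDER = "notifications@sender.example.invalid"
RECIPIENT_DOMAIN = "target.example.invalid"
# PNG signature only, standing in for the branded lure image (constructed, not a QR code)
TINY_PNG = bytes.fromhex("89504e470d0a1a0a")


def constructed_ics() -> str:
    """Minimal well-formed invite used by both sample messages (constructed)."""
    return ("BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\nUID:constructed-1\r\n"
            "DTSTART:20260501T090000Z\r\nSUMMARY:March 2026 Code of Conduct\r\n"
            "END:VEVENT\r\nEND:VCALENDAR\r\n")


def build_lure() -> EmailMessage:
    """Image-only HTML body plus .ics attachment from an authenticated sender."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = f"staff@{RECIPIENT_DOMAIN}"
    msg["Subject"] = "March 2026 Code of Conduct"
    msg["Authentication-Results"] = f"mx.{RECIPIENT_DOMAIN}; spf=pass dkim=pass dmarc=pass"
    # The only visible content is an image; its alt text names the target's own domain
    msg.set_content(f'<html><body><img src="cid:lure" alt="{RECIPIENT_DOMAIN}"></body></html>',
                    subtype="html")
    msg.add_related(TINY_PNG, maintype="image", subtype="png", cid="<lure>")
    msg.add_attachment(constructed_ics(), subtype="calendar", filename="invite.ics")
    return msg


def build_benign_invite() -> EmailMessage:
    """Ordinary internal invite with readable body text and a dial-in link (constructed)."""
    msg = EmailMessage()
    msg["From"] = f"alice@{RECIPIENT_DOMAIN}"
    msg["To"] = f"bob@{RECIPIENT_DOMAIN}"
    msg["Subject"] = "Quarterly planning"
    msg.set_content("Hi Bob, agenda attached. Dial-in: https://meet.example.invalid/q3\nThanks, Alice")
    msg.add_attachment(constructed_ics(), subtype="calendar", filename="invite.ics")
    return msg


def risk_flags(msg: EmailMessage, recipient_domain: str) -> dict:
    """Compute the message-level signals described in the post as booleans."""
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    visible_words = TAG_RE.sub(" ", html).split()
    auth = str(msg.get("Authentication-Results", "")).lower()
    alts = " ".join(ALT_RE.findall(html)).lower()

    def is_calendar(p):
        return (p.get_content_type() == "text/calendar"
                or (p.get_filename() or "").lower().endswith(".ics"))

    return {
        "calendar_attachment": any(is_calendar(p) for p in leaves),
        "image_present": any(p.get_content_maintype() == "image" for p in leaves),
        "near_empty_body": len(visible_words) < 5,          # little or no readable text
        "no_body_urls": URL_RE.search(html) is None,         # nothing for URL analysis to resolve
        "only_image_and_calendar": all(
            p.get_content_maintype() == "image" or is_calendar(p)
            or p.get_content_type() in ("text/plain", "text/html") for p in leaves),
        "authenticated_sender": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "alt_text_names_recipient": recipient_domain.lower() in alts,
    }


def is_high_risk(flags: dict) -> bool:
    """Authentication status is deliberately not a mitigating factor here."""
    return all(flags[k] for k in ("calendar_attachment", "image_present",
                                  "near_empty_body", "no_body_urls"))


if __name__ == "__main__":
    for label, m in (("lure", build_lure()), ("benign", build_benign_invite())):
        f = risk_flags(m, RECIPIENT_DOMAIN)
        print(label, "high_risk=" + str(is_high_risk(f)), f)
```

The decision rule is intentionally narrow: a calendar attachment, an image, almost no readable text and no link in the body. A legitimate invite normally carries at least a sentence of context, so the benign sample is cleared by the body-text and URL checks alone, while the lure trips every flag even though its authentication results are clean.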
Malformed ICS Files: Breaking Standards to Evade Detection
The campaign's evasion technique involved deliberately violating RFC 5545, the technical specification that defines how calendar files should be structured. The .ics attachment's X property lines were filled with randomly generated content designed to cause QR code extraction tools to fail at the parsing stage.
RFC 5545 non-compliance
- Content appears before BEGIN:VCALENDAR
The file starts with many X-... lines before the calendar actually begins. That is invalid per RFC 5545.
Security tools and parsers often look for BEGIN:VCALENDAR first. Extra lines up front can push suspicious content out of simple scans, confuse "is this a calendar?" checks, or bury the real invite lower in the attachment so humans and automation skim past it.
- Malformed X- lines and experimental names
The lines look like calendar metadata (X-GENERATION; FUTURE:, X-ADULT; CUSTOMER:) but use "; WORD:" instead of valid syntax (";WORD=value:" or "X-WORD:value").
Why attackers do it:
• X- properties are allowed by the RFC specification, so the file looks "technical" and legitimate at a glance.
• Random word pairs (GENERATION / FUTURE, PAPER / WITHIN) mimic real fields without being standard names: noise that breaks strict parsers but may still display in lenient clients.
• Malformed parameters mean some security parsers fail or skip the file, while some calendar apps may still partially open it, a classic "format abuse" trick.
This approach defeats automated analysis in several ways:
- Parsing engines terminate prematurely: Security tools that expect standards-compliant files encounter malformed data and abort processing before reaching the embedded QR code
- QR code extraction fails: Tools designed to locate and process embedded images cannot function when the file structure is deliberately corrupted
- URL-dependent technologies have nothing to analyze: Traditional detection technologies that depend on resolving the landing URL to derive a verdict—such as sandboxing, URL analysis, and LLM agents—fail because the URL remains hidden inside a corrupted attachment
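The two deviations described above (junk before BEGIN:VCALENDAR and "; WORD:" parameters that are not NAME=value) only stop a parser that aborts on the first error. The following is an added example, not Mimecast code and not the campaign's file: a small tolerant iCalendar reader in Python that records each anomaly as a signal instead of failing, keeps going, unfolds continuation lines per RFC 5545, and still recovers a base64-embedded ATTACH image so it can be handed to a QR decoder. It also illustrates the takeaway later in the post that attachment parsing must survive malformed ICS headers. The sample ICS text is constructed to mirror the described structure; its image is a 1x1 PNG placeholder, not a QR code.

```python
import base64
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the post's description: X- lines before
# BEGIN:VCALENDAR, parameters written as "; WORD:" instead of ";WORD=value",
# and an image carried inline as a folded base64 ATTACH property.
SAMPLE_ICS = (
    "X-GENERATION; FUTURE:\r\n"
    "X-ADULT; CUSTOMER:\r\n"
    "X-PAPER; WITHIN:\r\n"
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "PRODID:-//constructed sample//EN\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-uid-1\r\n"
    "DTSTART:20260501T090000Z\r\n"
    "SUMMARY:March 2026 Code of Conduct\r\n"
    "ATTACH;FMTTYPE=image/png;ENCODING=BASE64;VALUE=BINARY:iVBORw0KGgoAAAANSUhEUg\r\n"
    " AAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# RFC 5545 section 3.1 content line: name *(";" param) ":" value
# (quoted parameter values containing ":" are not handled by this simplified form)
CONTENT_LINE = re.compile(r"^(?P<name>[A-Za-z0-9-]+)(?P<params>(?:;[^:]*)*):(?P<value>.*)$")
# A parameter must be NAME=value; "; FUTURE" (leading space, no "=") is the malformation
PARAM = re.compile(r"^[A-Za-z0-9-]+=")
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


@dataclass
class IcsAnalysis:
    preamble_lines: int = 0                 # lines seen before BEGIN:VCALENDAR
    x_properties: int = 0                   # X- (experimental) properties seen
    malformed_lines: list = field(default_factory=list)
    attachments: list = field(default_factory=list)   # (fmttype, decoded bytes)
    summary: str = ""

    @property
    def suspicious(self) -> bool:
        # Either anomaly alone is enough to route the file for closer inspection
        return self.preamble_lines > 0 or bool(self.malformed_lines)


def unfold(raw: str) -> list:
    """RFC 5545 section 3.1: CRLF followed by one space or tab continues the line."""
    return [ln for ln in re.sub(r"\r?\n[ \t]", "", raw).splitlines() if ln]


def analyse_ics(raw: str) -> IcsAnalysis:
    """Parse leniently, recording anomalies rather than aborting on them."""
    result = IcsAnalysis()
    in_calendar = False
    for line in unfold(raw):
        if not in_calendar:
            if line.upper() == "BEGIN:VCALENDAR":
                in_calendar = True
            else:
                result.preamble_lines += 1      # record the anomaly, keep parsing
        m = CONTENT_LINE.match(line)
        if not m:
            result.malformed_lines.append(line)
            continue
        name = m.group("name").upper()
        params = [p for p in m.group("params").split(";") if p]
        if name.startswith("X-"):
            result.x_properties += 1
        if any(not PARAM.match(p) for p in params):
            result.malformed_lines.append(line)  # bad parameter syntax, still continue
            continue
        if name == "SUMMARY":
            result.summary = m.group("value")
        elif name == "ATTACH":
            pmap = {k.upper(): v for k, v in (p.split("=", 1) for p in params)}
            if pmap.get("ENCODING", "").upper() == "BASE64":
                try:
                    blob = base64.b64decode(m.group("value"), validate=True)
                except ValueError:
                    result.malformed_lines.append(line)
                    continue
                result.attachments.append(
                    (pmap.get("FMTTYPE", "application/octet-stream").lower(), blob))
            else:
                # URI-valued ATTACH: keep the reference so URL analysis can see it
                result.attachments.append(("uri", m.group("value").encode()))
    return result


def embedded_images(analysis: IcsAnalysis) -> list:
    """Decoded image blobs (by declared type or PNG magic) ready for a QR decoder."""
    return [blob for fmt, blob in analysis.attachments
            if fmt.startswith("image/") or blob.startswith(PNG_MAGIC)]


if __name__ == "__main__":
    a = analyse_ics(SAMPLE_ICS)
    print(f"preamble={a.preamble_lines} malformed={len(a.malformed_lines)} "
          f"x_props={a.x_properties} images={len(embedded_images(a))} suspicious={a.suspicious}")
```

On the constructed sample the reader reports three preamble lines and three malformed lines, yet still yields the decoded PNG; a strict parser would have returned nothing. The anomaly counters are themselves useful detection attributes: a genuine client-generated invite has zero of both.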
Calendar Invite Abuse: Broader Threat Landscape
While the May 2026 malformed ICS quishing campaign represents the latest evolution of calendar-based attacks Mimecast has observed, it exists within a broader landscape of calendar invite abuse. Threat actors continue to exploit calendar functionality across multiple attack variants:
HTML-Embedded Phishing
Some attacks embed HTML content directly within .ics files that resolves to phishing pages when opened. The calendar invite itself serves as the delivery mechanism, with embedded HTML that renders credential harvesting forms or redirects to external phishing infrastructure. This approach bypasses traditional email content scanning since the malicious content never appears in the email body.
Vishing Callback Scams
Calendar invites can deliver phone numbers with urgent messaging designed to initiate voice phishing attacks. These invites typically reference account security concerns, overdue payments, or critical IT issues that require immediate attention via phone call. The calendar format lends credibility to the request, as users perceive scheduled events as more legitimate than unsolicited emails.
Why Calendar Invite Abuse Is Effective
Calendar-based attacks exploit several fundamental vulnerabilities in how organizations and users interact with scheduling systems:
Automatic addition to calendars: Default settings in Google Calendar and Microsoft 365 often automatically add external invitations to users' calendars without requiring explicit acceptance. This automation means users may be exposed to malicious content without having consciously chosen to engage with it.
User trust in calendar notifications: Users inherently trust calendar notifications as part of their normal workflow. When a fraudulent event appears alongside legitimate business meetings, the contextual placement creates implicit credibility that attackers exploit.
Reduced scrutiny compared to email: Calendar invites receive less rigorous inspection than standard emails, both from security technologies and from users themselves who have been trained to scrutinize email links but not calendar event content.
Persistence across email deletion: Even when the original phishing email is identified and removed from a user's inbox, the calendar event may persist in their schedule, continuing to expose them to malicious content.
Mimecast Protection
Mimecast has implemented detection capabilities specifically designed to identify malicious calendar invites and quishing attacks that exploit malformed ICS files. Multi-Vector Threat Protection (MVTP) applies first-principles analysis instead of depending on the final resolved landing URL for phishing detection or focusing solely on exploitation-stage indicators for malware detection. It contextually correlates pre-execution signals including call-to-action URLs, delivery patterns, redirection behaviour, authentication context, and message-level attributes to derive a verdict.
The Threat Research team continues to monitor for changes in techniques used by threat operations abusing calendar infrastructure and has added several attributes from the May 2026 campaign to detection capabilities.
Targets: Global, but weighted towards the UK, Germany and the US; cross-industry
Indicators of Compromise (IOCs)
Common Subjects
- March 2026 Code of Conduct
- Ethics Training Program Manual
- Hybrid Model Policy Energy Industries
- Employees Manual Procedures
- Evaluation Policy Handbook
- Supply Chain Ethics
- Procedures Handbook
- Policy Rewards Program Guide
- Hybrid Model Policy
- Safety Health Compliance Policy
- Program Guide
- Corporate Responsibility Standards
What Defenders Should Take Away
Quishing campaigns that hide QR codes inside calendar attachments exploit a fundamental blind spot: by the time a user scans the code, the attack has moved onto a personal mobile device where email filtering, web protection, and endpoint monitoring are often absent or considerably weaker. If credentials are harvested at that stage, the corporate security stack may never know the interaction happened.
Traditional detection technologies, including sandboxing, URL analysis, and LLM-based agents, depend on resolving the landing URL to derive a verdict. When that URL is hidden behind a malformed attachment, a QR code, and a human verification gate, there is nothing for those tools to analyze.
Defenders should treat authenticated calendar invites with minimal body content and image-only payloads as high-risk regardless of sender authentication status. Attachment parsing needs to survive malformed ICS headers, and users need to understand that scanning a QR code is the equivalent of clicking an unverified link.
Defenders should also assume that the volume and variety of evasion techniques will continue to increase. AI models are enabling threat actors to generate layered evasions and their variants at scale, so security controls need to be built around first-principles detection rather than pattern matching against known variants.