---
title: "Microsoft Halts Phishing, Calendly Invite Danger, OpenAI Security Incident | DMARC Report"
description: "Microsoft Halts Phishing, Calendly Invite Danger, OpenAI Security Incident from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/microsoft-halts-phishing-calendly-invite-danger-openai-security-incident.png"
canonical: "https://dmarcreport.com/blog/microsoft-halts-phishing-calendly-invite-danger-openai-security-incident/"
---

Quick Answer

According to the [FBI's 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.


![Microsoft Halts Phishing, Calendly Invite Danger, OpenAI Security Incident](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 


> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.


It’s December, and while everyone is gearing up for the grand festivities, cybercrooks are also busy developing and executing [threat campaigns](https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html). There’s something about holidays and the shopping season that these threat actors love way too much. First, people really let their guard down as they try to enjoy life. _Second, brands try to make the most of this period by running attractive, limited-time campaigns._

It is these moments of carefree indulgence and chaos that the [cybercrooks](https://www.csoonline.com/article/4032743/cybercrooks-faked-microsoft-oauth-apps-for-mfa-phishing.html) want to abuse by deploying sophisticated threat campaigns. Only awareness and vigilance can **protect you from the clutches of cybercriminals**. That’s exactly why we are here with our first cyber bulletin of the month. Let’s not waste any more time and get started on the details!

## **Microsoft disrupts a massive phishing campaign designed by Storm-0900**

![Dmarc generator](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-generator-2507.jpg)

A threat actor named [Storm-0900](https://cyberpress.org/storm-0900-phishing-attack/) designed a threat campaign around Thanksgiving Eve and flooded inboxes across the USA with [malicious emails](https://www.securitymagazine.com/articles/100687-the-last-six-months-shows-a-341-increase-in-malicious-emails). It was a carefully planned campaign aimed at compelling unsuspecting users to click on [malicious links](https://www.scworld.com/news/new-usps-text-scam-uses-unique-method-to-hide-malicious-pdf-links) in the emails. The campaign started to peak around **November 26th**. Emails were themed around urgent medical results and [parking violations](https://en.wikipedia.org/wiki/Parking%5Fviolation). The core purpose was to exploit the time when most people would be busy traveling, celebrating festivals, or indulging in shopping experiences.

The [threat actor](https://www.teiss.co.uk/news/threat-actor-claims-sale-of-mercedes-benz-usa-legal-and-customer-data-after-alleged-183-gb-breach-16791) carefully structured the campaign to target two key aspects: **administrative urgency and personal urgency**. Storm-0900 used a neighbor spoofing technique on their targets. The goal was to make the victims succumb to social pressure. Some emails were also designed to look more formal and institutional. Most of these emails claimed to be from medical centers and to contain an “INR test report.” Every email added a further element of urgency by claiming that “we are closed Thursday, November 28th, in observance of Thanksgiving.” Microsoft, with its robust [defense systems](https://www.bbc.com/news/articles/cwy33n484x0o), managed to identify the threat campaign right on time and disrupted it immediately. A [multi-layered security](https://wasabi.com/learn/importance-of-multi-layered-security) strategy was developed to **detect and eradicate the campaign**. The defense strategy included multiple steps, like email filtering, endpoint protection, and finally, infrastructure takedown.

![Dmarc generator](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-generator-2310.jpg)

To counter these rising phishing threats, organizations are increasingly adopting [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) to strengthen [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) and protect [brand integrity](https://www.channelsight.com/blog/brand-integrity).

## **Beware, that Calendly invite can get your ad manager account hacked**

A new [phishing campaign](https://cybersecuritynews.com/threat-actors-attacking-fans-of-belgian-grand-prix/) is doing the rounds in which threat actors use Calendly-themed invites to get access to Google Workspace and **Facebook business accounts**. Cybercrooks have been targeting ad manager accounts of businesses for a long time. But this time, the threat actors have effectively increased the success rate of this campaign.

Calendly is a digital scheduling platform that enables organizers to send virtual meeting links to attendees, who can then select a suitable time slot. [Cybercriminals](https://edition.cnn.com/2025/06/28/business/cyberattacks-airlines-fbi-criminal-group) have misused Calendly before, too. But this time, they are abusing reputed brand names such as Disney, Uber, Unilever, LVMH, and MasterCard.

![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/12/what-is-dmarc-3317.jpg)

Basically, the threat actor impersonates a recruiter from a popular brand and then shares false meeting invitations with the victims. They use different AI tools to come up with fake emails. When a victim clicks on the malicious link, they get directed to a fake Calendly-lookalike page. There, the victim is required to solve a [CAPTCHA](https://www.ibm.com/think/topics/captcha). Meanwhile, the [AiTM phishing page](https://cyberpress.org/aitm-phishing-campaigns-target-microsoft-365-and-google-accounts/) tries to capture the victim’s **Google Workspace login sessions**.

So far, threat actors have impersonated around 75 well-known brands.

## **OpenAI gets breached because of its analytics partner**

OpenAI has experienced a major cyber breach as threat actors managed to penetrate the network of [Mixpanel](https://www.teiss.co.uk/news/openai-notifies-api-customers-of-data-exposure-linked-to-mixpanel-breach-16778), OpenAI’s analytics partner. The threat actors have managed to steal customer profile information.

The CEO of Mixpanel has shared a post stating that the breach happened on **November 8th**. It was a [smishing attack](https://www.livemint.com/news/world/fbi-sounds-alarm-on-rising-smishing-attacks-hitting-us-smartphones-report-11750786714613.html), one that uses malicious SMS messages to target victims. The threat actors targeted employees at Mixpanel to get access to [sensitive data](https://www.aljazeera.com/news/2025/6/6/us-supreme-court-grants-doge-access-to-sensitive-social-security-data) related to OpenAI profiles.

![Dmarc generator](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-generator-2097.jpg) 

_Some of the critical data compromised by this attack includes names, email addresses, referring websites, locations, and so on. Mixpanel claims that they have communicated directly with each and every impacted customer._ OpenAI, on the other hand, has terminated its connection with Mixpanel.

OpenAI has clarified that no payment details, [API keys](https://www.fortinet.com/resources/cyberglossary/api-key), passwords, user credentials, or government IDs were compromised in this incident. But it has advised customers to stay vigilant and double-check any email that appears to be coming from **OpenAI’s domain**. Turning on [Multi-Factor Authentication](https://www.onelogin.com/learn/what-is-mfa) can also be a smart move in this situation.

![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-report-8809.jpg) 

This [attack](https://www.voanews.com/a/us-capital-in-heightened-threat-environment-after-new-year-s-day-attacks-/7923765.html) is a staggering reminder that securing the primary platform is just level one of **risk prevention**. One must be equally mindful of securing the secondary platforms and other partners associated with the main platform. Cybercrooks often use these less-secure secondary platforms as backdoors for unauthorized entry.


[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.

