
Apple Servers Used for Phishing Attacks via iCloud Calendar


Hackers are exploiting iCloud Calendar invites to send deceptive callback phishing emails, which appear to be legitimate purchase notifications. Since these emails are sent directly from Apple's servers, they are more likely to bypass spam filters and land in a target's inbox. 

In a recent example, a user received an email disguised as a PayPal payment receipt for $599. The email, which came from a "[e-mail address hidden by spambot protection]" address, instructed the recipient to call a support number to cancel the payment. The goal of this scam is to scare the victim into calling the number, where a scammer will try to gain remote access to their computer to steal money or deploy malware.

This particular scam is unique because it abuses the legitimate iCloud Calendar invite feature. The hackers create a calendar event and put the phishing text in the notes section. When the event is created, Apple's servers send an invitation email to the intended targets. The email passes all standard security checks like SPF, DMARC, and DKIM, giving it an air of authenticity. 

The attackers seem to be using a Microsoft 365 mailing list to automatically forward the invite to a large number of victims. Microsoft 365's Sender Rewriting Scheme rewrites the envelope sender on the forwarded copies, which allows the email to pass SPF checks at the final recipient and adds another layer of legitimacy.

As a general rule, you should be cautious of any unexpected calendar invites with unusual messages, even if they appear to be from a trusted source. 
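A content-side triage check for the delivery path described above, as an added example that is not from the original article: because SPF, DKIM and DMARC all pass, it reads the notes (`DESCRIPTION`) of the calendar part and looks for callback-phishing markers instead. The sample message, domains, phone number, keyword list and threshold are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample, not a real capture: every check passes, the lure is in the notes.
SAMPLE = """\
From: invites@calendar-provider.example
Subject: Invitation: Purchase Invoice
Authentication-Results: mx.tenant.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Purchase Invoice
DESCRIPTION:Hello Customer\\, your PayPal account has been billed $599.00.
  To cancel this payment call support at +1 (202) 555-0143.
END:VEVENT
END:VCALENDAR
"""

LURE_WORDS = ("paypal", "billed", "invoice", "payment", "cancel", "refund")  # assumed list
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def invite_notes(msg):
    """Return unfolded, unescaped DESCRIPTION values from text/calendar parts."""
    notes = []
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        ics = part.get_payload(decode=True).decode("utf-8", "replace")
        ics = re.sub(r"\r?\n[ \t]", "", ics)  # RFC 5545 line unfolding
        for line in ics.splitlines():
            name, _, value = line.partition(":")
            if name.split(";")[0].upper() == "DESCRIPTION":
                notes.append(re.sub(r"\\(.)", lambda m: "\n" if m[1] in "nN" else m[1], value))
    return notes

def triage(raw):
    """Score the invite on its content; authentication results are only reported."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "").lower()
    text = "\n".join(invite_notes(msg))
    phones = PHONE_RE.findall(text)
    lures = [w for w in LURE_WORDS if w in text.lower()]
    return {
        "auth_pass": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "phones": phones,
        "lures": lures,
        "suspicious": bool(phones) and len(lures) >= 2,  # assumed threshold
    }
```

On the constructed sample, `triage(SAMPLE)` reports `auth_pass` as true and still marks the invite suspicious, which is the point: for this kind of message the verdict has to come from the invite's content, not from sender authentication.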

 
