Phishing attacks have evolved significantly, with cybercriminals now exploiting Apple’s iCloud Calendar invite system to bypass spam filters and trick users into calling fake support numbers. This sophisticated approach leverages Apple’s trusted infrastructure to send legitimate-looking calendar invites containing phishing content, making them appear more credible and increasing the likelihood that users will take the bait.
As reported by Bleeping Computer, the scam works by sending calendar invites from a genuine Apple address, [email protected]. The attackers embed the phishing message in the ‘Notes’ section of the calendar event and send the invite to a Microsoft 365 email address they control. That address is a mailing list, so the invite is automatically forwarded to multiple real targets, which significantly amplifies the reach of the scam.
When the mailing list forwards the invite, Microsoft 365’s Sender Rewriting Scheme (SRS) rewrites the return path, so the forwarded message still passes SPF checks, which are designed to prevent email spoofing. As a result the email appears fully legitimate, both in the recipient’s inbox and to automated spam filters, and is more likely to reach users without being flagged.
The scam is designed to create a sense of urgency and panic, as it falsely claims that a large PayPal transaction has occurred without the recipient’s consent. The message includes a phone number for contacting ‘support’, which connects users to a scammer posing as a technical support agent. Once contacted, the victim is often convinced that their computer has been compromised and is then asked to download remote access software under the guise of issuing a refund or securing the account.
In reality, this access is used by scammers to steal banking information, install malware, or exfiltrate personal data. Because the original message passed security checks and seemed credible, victims often don’t think twice before acting. The credibility provided by Apple’s servers makes these scams particularly dangerous, as users are less likely to suspect foul play.
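The combination described above (a calendar invite, an SRS-rewritten return path, and a payment alarm with a callback number in the Notes text) can be checked on a received message. The following is an added example, not code from the original report. It assumes the rewritten return path carries an `SRS=` marker in its local part and that the Notes text is stored in the iCalendar `DESCRIPTION` property. All addresses, domains and numbers in the sample are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Heuristics assumed for this example; tune them for your own mail flow.
SRS_RE = re.compile(r"(?:^|\+)SRS[01]?=", re.I)   # SRS-rewritten envelope sender
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")    # loose phone-number match
LURE_RE = re.compile(r"paypal|charged|transaction|refund", re.I)

# Constructed sample: every address, domain and number here is a placeholder.
SAMPLE = """\
Return-Path: <list+SRS=a1b2c=XY=calendar-sender.example=noreply@forwarder.example>
From: Calendar <noreply@calendar-sender.example>
To: target@recipient.example
Subject: Invitation: Purchase Invoice
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Purchase Invoice
DESCRIPTION:Your PayPal account was charged $599.00. To dispute or cancel\\,
  call support at +1 (555) 010-0199.
END:VEVENT
END:VCALENDAR
"""

def ics_description(ics: str) -> str:
    """Return the event DESCRIPTION (the 'Notes' text), unfolding RFC 5545 lines."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)
    m = re.search(r"^DESCRIPTION[^:\r\n]*:(.*)$", unfolded, re.M)
    return m.group(1).strip().replace("\\n", "\n").replace("\\,", ",") if m else ""

def analyze(raw: str) -> dict:
    """Flag an invite whose envelope was SRS-rewritten and whose notes carry a callback lure."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_local, _, rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")
    notes = [ics_description(p.get_payload(decode=True).decode("utf-8", "replace"))
             for p in msg.walk() if p.get_content_type() == "text/calendar"]
    text = "\n".join(notes)
    result = {
        "srs_forwarded": bool(SRS_RE.search(rp_local)) and rp_dom.lower() != from_dom,
        "calendar_invite": bool(notes),
        "callback_lure": bool(PHONE_RE.search(text) and LURE_RE.search(text)),
    }
    result["suspicious"] = all(result.values())
    return result

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

SRS rewriting on its own is normal for forwarded mail, so the check only reports `suspicious` when all three signals occur together.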
Experts advise that users should be cautious of unexpected calendar invites, especially those with alarming claims. They should never open or respond to such invites without verifying the legitimacy of the request. Instead, users should log into their official accounts to check for suspicious activity and contact the company using official contact details found on their website. Regularly updating software and using antivirus protection can also help safeguard against these sophisticated phishing attacks.
In addition to these steps, using a password manager to create and store strong, unique passwords for each account is recommended. Data removal services can also be used to scrub personal information from data broker websites, reducing the risk of targeted phishing attacks. Cybersecurity measures such as these are crucial for protecting users from the increasing sophistication of modern phishing schemes.