Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

ICloud Calendar callback phishing campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

A callback phishing campaign is abusing iCloud Calendar and Apple's email servers to send fake purchase-notification emails that are more likely to bypass spam filters and reach inboxes. The lure impersonates a $599 PayPal charge and pushes recipients to call a scam phone number. The abuse of a trusted Apple delivery path increases delivery success and credibility.

Related Happenings

FakeWallet Apple App Store wallet-stealing apps

Malware Activity
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...

Open Happening

Apple account change notification phishing campaign

Campaign
First: 19.04.2026 19:03 Last: 19.04.2026 19:03 Sources 1

About this happening: A **callback phishing campaign** is abusing **Apple account change notifications** to deliver fake **iPhone purchase** scams through legitimate emails, making the lure look authen...

Open Happening

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Open Happening

EvilTokens phishing-as-a-service operation expands device code phishing and BEC

Threat Actor Meta
First: 01.04.2026 22:42 Last: 01.04.2026 22:42 Sources 1

About this happening: **EvilTokens** has been commercialized on **Telegram** as a continuously developed phishing-as-a-service kit, expanding **device code phishing** and **BEC** capabilities at scale....

Open Happening

Microsoft Azure Monitor callback phishing campaign

Campaign
First: 21.03.2026 16:09 Last: 21.03.2026 16:09 Sources 1

About this happening: A **callback phishing campaign** is abusing **Microsoft Azure Monitor** alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more belie...

Open Happening

Timeline

  1. 07.09.2025 20:10 2 articles · 8mo ago

    iCloud Calendar invites send callback phishing emails from Apple’s servers

    Initial Disclosure

    A callback phishing campaign abuses iCloud Calendar invites to send fake PayPal purchase notifications from [email protected] and email.apple.com, with the lure text hidden in the Notes field and the invite sent to a Microsoft 365 address that can forward the message to downstream targets. The delivery path helps the email pass SPF, DMARC, and DKIM checks and may let it bypass spam filters, increasing the chance that recipients call the scammer’s support number.

    Show sources
    Open in new tab