iCloud Calendar Invites Abused for Callback Phishing Campaigns
Summary
A callback phishing campaign uses iCloud Calendar invites to send emails from Apple's servers. The emails mimic legitimate purchase notifications from PayPal, tricking recipients into calling a scammer's support number. This method allows the phishing emails to bypass spam filters and appear more legitimate. The scam involves creating an iCloud Calendar event with phishing text in the Notes field and inviting a Microsoft 365 email address. When the invite is sent, it appears to come from Apple's email servers, passing SPF, DMARC, and DKIM checks. The emails target multiple recipients through a Microsoft 365 mailing list, which forwards the invites to all group members. The phishing emails aim to scare recipients into thinking their PayPal account has been fraudulently charged, prompting them to call the scammer's support number. Once contacted, the scammer attempts to gain remote access to the victim's computer to steal money, deploy malware, or steal data.
Timeline
- 07.09.2025 20:10 📰 1 article
  iCloud Calendar Abused for Callback Phishing Campaigns
  A callback phishing campaign uses iCloud Calendar invites to send emails from Apple's servers. The emails mimic legitimate PayPal purchase notifications, tricking recipients into calling a scammer's support number. The campaign leverages the legitimacy of Apple's email servers to bypass spam filters and target multiple recipients through a Microsoft 365 mailing list.
  Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
Information Snippets
- The phishing emails are sent from [email protected], passing SPF, DMARC, and DKIM checks.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
- The emails mimic legitimate PayPal purchase notifications, including a phone number for support.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
- The scam involves creating an iCloud Calendar event with phishing text in the Notes field.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
- The invites are sent to a Microsoft 365 email address, which forwards the emails to multiple recipients.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
- Microsoft 365 uses the Sender Rewriting Scheme (SRS) to rewrite the Return path, allowing the emails to pass SPF checks.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
- The phishing emails aim to trick recipients into calling a scammer's support number, leading to potential remote access and data theft.
  First reported: 07.09.2025 20:10 📰 1 source, 1 article. Sources:
  - iCloud Calendar abused to send phishing emails from Apple’s servers — www.bleepingcomputer.com — 07.09.2025 20:10
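Because these invites pass SPF, DKIM and DMARC, detection has to key on content and structure instead. The following is an added example, not code from the cited article: a mail-gateway style check that flags a calendar invite whose Notes (ICS `DESCRIPTION`) text names a payment brand the sender's domain does not belong to and carries a phone number, and that also records an SRS-rewritten Return-Path. The function name, the brand watch list, the regular expressions and every value in the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every address, the SRS string and the phone number are placeholders.
SAMPLE = """\
From: Calendar <noreply@calendar-sender.example>
Return-Path: <bounces+SRS=abcd=EF=calendar-sender.example=noreply@tenant.example>
To: list@tenant.example
Subject: Invitation
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Purchase Invoice
DESCRIPTION:Hello Customer\\, your PayPal account has been billed $599.00.
  To dispute this payment call +1 (555) 010-0199.
END:VEVENT
END:VCALENDAR
"""

BRAND_DOMAINS = {"paypal": "paypal.com"}           # assumed watch list
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")       # loose phone-number shape
SRS = re.compile(r"\bSRS[01]?=", re.I)             # SRS-rewritten envelope sender

def callback_phish_signals(raw: str) -> dict:
    """Score one RFC 5322 message for the calendar-invite callback pattern."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    is_invite, notes = False, ""
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        is_invite = True
        ics = part.get_payload(decode=True).decode("utf-8", "replace")
        ics = re.sub(r"\r?\n[ \t]", "", ics)       # RFC 5545 line unfolding
        found = re.search(r"^DESCRIPTION[^:\n]*:(.*)$", ics, re.M)
        notes = found.group(1).strip() if found else ""
    # Brand named in the Notes text but the sender is not that brand's domain.
    mismatched = [b for b, d in BRAND_DOMAINS.items() if b in notes.lower()
                  and domain != d and not domain.endswith("." + d)]
    has_phone = bool(PHONE.search(notes))
    return {
        "calendar_invite": is_invite,
        "brand_mismatch": mismatched,
        "callback_number": has_phone,
        "srs_forwarded": bool(SRS.search(msg.get("Return-Path", ""))),
        "suspicious": is_invite and bool(mismatched) and has_phone,
    }
```

The SRS flag is context rather than a verdict, since list forwarding is routine; it shows that the recipient was reached through a forwarder and not addressed directly.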