Scammers Are Using Apple Calendar Again to Send Phishing Emails

Apple Calendar spam is nothing new: iCloud users began reporting a flood of unwanted invitations nearly a decade ago, and over the years, scammers have returned to the tactic to distribute malicious links to phishing sites. The folks at 9to5Mac recently reported on a wave of spam invitations containing malicious links leading to cryptocurrency-related scams.
Attackers also use Calendar invitations to send phishing emails that look like PayPal purchase notifications. Because the messages come from Apple’s mail server, they can bypass security measures and end up in your inbox.
Scammers Use Calendar to Send Phishing Callback Emails
The latest scam, detailed by BleepingComputer, is a form of callback phishing that aims to trick victims into making phone calls so that scammers can collect sensitive information or connect to users’ devices.
The scam begins with a calendar invite to an event called “Invoice for Purchase.” The event notes state that a large amount has been charged to the recipient’s PayPal account and encourage the user to call customer service to discuss the situation, make changes, or cancel the payment. The idea is that you’ll be scared and think your PayPal account has been hacked. If you call, the scammer will likely try to extract sensitive information or ask you to download and install malware on your device under the guise of a refund.
Upon closer inspection, you’ll find that the message was sent from [email protected] — Apple’s legitimate email server — allowing it to pass security checks and spam filters. As BleepingComputer describes, anyone can create an event in iCloud Calendar and add other recipients to receive email invitations from Apple’s servers.
In this case, the scammers also appear to be using a Microsoft 365 email address that is actually a mailing list, forwarding messages to recipients added to the group, who are the targets of this scam. Earlier this year, scammers used a similar tactic, sending emails that appeared to be from [email protected].
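Because the invitation passes sender checks, a filter has to look at the invite content itself. The sketch below is an added example, not code from the article or from BleepingComputer: it unfolds an iCalendar invite and flags the combination described above (payment lure, call to action, phone number). The sample invites, keyword lists and function names are assumptions constructed for illustration.

```python
import re

# Constructed invite modelled on the lure described above; the UID, amount
# and phone number are made up for illustration.
PHISH_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "UID:constructed-example-1\r\n"
    "SUMMARY:Invoice for Purchase\r\n"
    "DESCRIPTION:Your PayPal account has been charged $599.00. To cancel or d\r\n"
    " iscuss this payment\\, call customer service at +1 (555) 010-0199.\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)
# Constructed benign invite: mentions a "call" but has no payment lure or number.
BENIGN_ICS = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Team sync\r\n"
    "DESCRIPTION:Weekly planning. Join the video call from the usual link.\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

PAYMENT = re.compile(r"\b(paypal|invoice|charged|payment|purchase|refund)\b", re.I)
CALL = re.compile(r"\b(call|dial|phone|contact)\b", re.I)
PHONE = re.compile(r"(?:\+?\d[\s().-]*){10,15}")  # 10-15 digits with separators

def event_text(ics):
    """Return the SUMMARY and DESCRIPTION values of an invite as plain text."""
    # RFC 5545 folding: a line break followed by a space or tab continues a line.
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)
    parts = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        if name.split(";")[0].upper() in ("SUMMARY", "DESCRIPTION"):
            # Undo TEXT escaping: backslash-n is a newline, other escapes are literals.
            parts.append(re.sub(
                r"\\(.)",
                lambda m: "\n" if m.group(1) in "nN" else m.group(1),
                value))
    return "\n".join(parts)

def callback_phish_indicators(ics):
    """List which of the three callback-phishing traits the invite text shows."""
    text = event_text(ics)
    checks = (("payment_lure", PAYMENT), ("call_to_action", CALL), ("phone_number", PHONE))
    return [label for label, rx in checks if rx.search(text)]

def is_suspicious(ics):
    # Require all three traits so an ordinary "join the call" invite is not flagged.
    return len(callback_phish_indicators(ics)) == 3

if __name__ == "__main__":
    for name, ics in (("phish", PHISH_ICS), ("benign", BENIGN_ICS)):
        print(name, callback_phish_indicators(ics), is_suspicious(ics))
```

A hit is a reason to quarantine or add a warning banner for review, not proof of fraud, since legitimate invoices can also carry a support number.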
How to Combat Fake Calendar Invitations
Unfortunately, there’s little you can do to prevent fraudulent iCloud Calendar invitations from reaching your inbox, and declining them can actually make the problem worse. You can move spam events to a separate calendar and delete calendars entirely, but as for notifications and any instructions within them, it’s best not to interact with them.
Always be extremely wary of calendar invites you weren’t expecting, and watch out for signs of fraud, such as urgency around payments or account security issues. Never call the phone numbers listed in such messages. If you’re concerned about your account, log in through the official website or app, check for activity, and contact the company using the contact information provided there.