Scammers are abusing iCloud Calendar to send phishing emails

Phishing scammers are now abusing iCloud Calendar invites to send fraudulent messages from Apple’s own servers, making them harder to detect.

Phishing attacks are becoming increasingly sophisticated, and the latest scam takes the abuse of a trusted platform to a new level. Instead of sending generic or suspicious-looking emails, attackers are now abusing Apple’s iCloud Calendar invite system to deliver phishing content directly from Apple’s own email servers.

This tactic lets the fraudulent messages slip past spam filters and appear legitimate to unsuspecting users. The goal is to alarm you into calling a scammer’s fake support number under the pretense of disputing a fraudulent PayPal transaction. Once you call, you are manipulated into granting remote access to your devices or sharing sensitive data.

[Image: iCloud Calendar invites used for phishing emails. Credit: BleepingComputer]

How the scam uses iCloud Calendar invites to bypass security

The heart of this scam lies in abusing Apple’s official infrastructure to lend credibility to a phishing attempt. Instead of using a suspicious or easily flagged email address, the attackers send calendar invites from Apple’s genuine domain, noreply@email.apple.com, as reported by Bleeping Computer.

The attacker embeds the phishing message in the “Notes” section of the calendar event so that it reads like a legitimate notification. The invite is sent to a Microsoft 365 email address the attacker controls, which is a member of a mailing list; the list automatically forwards the invite to the real targets, broadening the scam’s reach.

Typically, when an email is forwarded, SPF (Sender Policy Framework) checks fail because the forwarding server isn’t listed as an authorized sender in the original sender domain’s SPF record. However, Microsoft 365 uses the Sender Rewriting Scheme (SRS), which rewrites the envelope sender (the Return-Path) to an address at the forwarding domain, so SPF is evaluated against that domain and the message still passes.

Because the visible sender is still Apple’s address while the authentication checks pass, the email looks fully legitimate to both the recipient and automated spam filters. As a result, the message is far more likely to reach the inbox without being flagged, increasing the chance the victim will take the bait.
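To make the forwarding chain concrete, here is an added triage script (my own, not code from the article, BleepingComputer or Apple) that a mail administrator could run over a raw message to spot the pattern described above: a calendar invite whose visible From is Apple’s domain, whose Return-Path has been SRS-rewritten to a different forwarding domain, whose SPF pass was earned by that forwarding domain rather than Apple’s, and whose event notes carry a phone number plus urgency language. The two embedded messages are constructed samples; the domains, addresses, dollar amount and phone number are invented, and the scoring thresholds are my own choice.

```python
import re
import email.utils
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample: an invite originated by Apple's server, relayed through a
# Microsoft 365 mailing list that SRS-rewrites the envelope sender. All domains,
# addresses, the amount and the phone number are invented for this example.
SUSPICIOUS_RAW = """\
Return-Path: <SRS0=abcd=XY=email.apple.com=noreply@example-list.onmicrosoft.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-list.onmicrosoft.com
From: "iCloud Calendar" <noreply@email.apple.com>
To: victim@example.net
Subject: Invitation: PayPal payment confirmation
MIME-Version: 1.0
Content-Type: text/calendar; charset=UTF-8; method=REQUEST

BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:PayPal payment confirmation
DESCRIPTION:A charge of $599.00 was made from your PayPal account. If you
  did not authorize this transaction call support at +1-555-010-0199 immediately.
END:VEVENT
END:VCALENDAR
"""

# Constructed benign invite: delivered directly, no forwarding, no phone number.
BENIGN_RAW = """\
Return-Path: <noreply@email.apple.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=email.apple.com
From: "iCloud Calendar" <noreply@email.apple.com>
To: colleague@example.net
Subject: Invitation: Team sync
MIME-Version: 1.0
Content-Type: text/calendar; charset=UTF-8; method=REQUEST

BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Team sync
DESCRIPTION:Weekly planning meeting in room 3B.
END:VEVENT
END:VCALENDAR
"""

SRS_RE = re.compile(r"^SRS[01]=", re.IGNORECASE)   # SRS-rewritten local part
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{8,}\d")    # loose phone-number shape
URGENCY_WORDS = ("unauthorized", "did not authorize", "immediately", "call",
                 "dispute", "charge", "transaction", "payment")


def domain_of(header_value: str) -> str:
    """Return the lowercased domain of the first address in a header value."""
    _, addr = email.utils.parseaddr(str(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_srs_rewritten(return_path: str) -> bool:
    """True if the envelope sender was rewritten by SRS (SRS0=/SRS1= prefix)."""
    _, addr = email.utils.parseaddr(str(return_path))
    return bool(SRS_RE.match(addr))


def spf_result(msg: EmailMessage) -> tuple:
    """Extract (spf result, smtp.mailfrom domain) from Authentication-Results."""
    ar = str(msg.get("Authentication-Results", ""))
    m = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([\w.\-]+)", ar)
    return (m.group(1).lower(), m.group(2).lower()) if m else ("none", "")


def ics_description(msg: EmailMessage) -> str:
    """Pull the DESCRIPTION (the 'Notes' the user sees) out of a text/calendar part."""
    for part in msg.walk():
        if part.get_content_type() == "text/calendar":
            body = re.sub(r"\r?\n[ \t]", "", part.get_content())  # undo RFC 5545 folding
            m = re.search(r"^DESCRIPTION(?:;[^:]*)?:(.*)$", body, re.MULTILINE)
            return m.group(1).strip() if m else ""
    return ""


def triage(raw: str) -> dict:
    """Score one raw message against the calendar-invite phishing pattern."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg.get("From", ""))
    spf, mailfrom_domain = spf_result(msg)
    notes = ics_description(msg)
    phones = PHONE_RE.findall(notes)
    urgency = [w for w in URGENCY_WORDS if w in notes.lower()]
    indicators = {
        "calendar_invite": any(p.get_content_type() == "text/calendar" for p in msg.walk()),
        "from_apple": from_domain == "apple.com" or from_domain.endswith(".apple.com"),
        "forwarded_via_srs": is_srs_rewritten(msg.get("Return-Path", "")),
        # SPF passed, but for the forwarder's domain, not the domain shown in From
        "spf_pass_for_other_domain": spf == "pass" and mailfrom_domain != from_domain,
        "phone_in_notes": bool(phones),
        "urgency_language": len(urgency) >= 2,
    }
    score = sum(indicators.values())
    return {"indicators": indicators, "phones": phones, "score": score,
            "verdict": "suspicious" if score >= 4 else "ok"}


if __name__ == "__main__":
    for label, raw in (("suspicious sample", SUSPICIOUS_RAW), ("benign sample", BENIGN_RAW)):
        result = triage(raw)
        print(f"{label}: {result['verdict']} (score {result['score']}) {result['indicators']}")
```

The useful signal is the combination: an SRS-rewritten Return-Path and an SPF pass credited to a domain other than the one in From both say “this was forwarded”, which is exactly why a plain SPF pass should not be read as “Apple vouches for this content”; the phone number and urgency wording in the notes are what turn a forwarded invite into a likely scam.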


Why these phishing scams are particularly dangerous

What makes this campaign especially dangerous is the sense of legitimacy it conveys. Because Apple’s official servers send the email directly, users are far less likely to suspect foul play. The message itself aims to panic the recipient by falsely claiming a large PayPal transaction occurred without their consent. The message includes a phone number to “contact support” and dispute the charge, but in reality, it connects the victim to a scammer.

Once the victim calls the number, the scammer poses as a technical support agent and attempts to convince them that their computer has been compromised. The next step is typically to ask the victim to download remote access software, under the guise of issuing a refund or securing the account.

In reality, this access is used to steal banking information, install malware, or exfiltrate personal data. Because the original message passed security checks and seemed credible, victims often don’t think twice before acting.

 


6 ways you can stay safe from iCloud Calendar scammers

I have listed some useful steps you can take to protect yourself from falling victim to these increasingly sophisticated phishing scams:

1) Treat unexpected calendar invites with caution

If you receive an unexpected calendar invite, especially one containing a strange message or alarming claims, don’t open it or respond. Legitimate companies rarely send payment disputes or security warnings through calendar invites. Always verify suspicious claims by logging into your official account directly.

 

2) Avoid calling numbers listed in emails or calendar invites

Phishing scams often include phone numbers that connect you to fraudsters posing as support agents. Instead of calling the number in the message, use official contact details found on the company’s official website.

 

3) Install trusted antivirus software

Antivirus programs protect your computer from malware and phishing sites by blocking suspicious downloads and warning you about unsafe websites.

The best way to safeguard yourself from malicious links that install malware and expose your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Keeping your antivirus updated ensures it can defend against the latest threats.

4) Remove your personal data from public listings

Hackers are able to send you these phishing emails because they have your data. Using a personal data removal service helps scrub your personal information from data broker websites. This makes it significantly harder for attackers to gather details about you and craft convincing, targeted phishing attacks.

While no service can guarantee the complete removal of your data from the internet, a data removal service is a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

5) Use a password manager

A password manager helps you generate and securely store strong, unique passwords for every account. This reduces the risk of reusing weak passwords that scammers can easily exploit to gain unauthorized access to your accounts.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

 

6) Keep software and systems updated

Regularly updating your operating system, browser, and applications helps patch security vulnerabilities that attackers often exploit in phishing scams. Staying current with updates minimizes your exposure to known threats.

 


Kurt’s key takeaway

Scammers are taking phishing attacks in a disturbing new direction by manipulating trusted platforms to deliver malicious content. The safest approach is to treat any unexpected calendar invite, especially those with alarming messages or strange contact numbers, with extreme caution. Never call the number provided in the message or click on any links. Instead, go directly to official websites or your account’s official dashboard to verify suspicious activity.

Have you ever been targeted by a phishing scam disguised as an official message? Let us know in the comments below.


Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
