September 26, 2025

Scammers Use iCloud Calendar to Phish Users

Security reporters say attackers are abusing Apple’s iCloud Calendar invites, which are sent from Apple’s noreply domain, together with Microsoft 365 forwarding behavior to deliver phishing content that bypasses spam filters. The invites place a fraudulent PayPal-dispute message in the calendar "Notes" field, prompting victims to call a scammer who then requests remote-access software or financial information. The tactic leverages Sender Rewriting Scheme (SRS) forwarding so the messages pass SPF checks and appear legitimate to recipients and automated filters.


📰 Sources (1)

Scammers are abusing iCloud Calendar to send phishing emails
Fox News, September 26, 2025
New information:
  • Attackers send calendar invites appearing to come from noreply@email.apple.com and embed the phishing text in the event Notes.
  • Microsoft 365 forwarding (SRS) is used so forwarded invites pass SPF checks and reach recipients' inboxes without being flagged as spam.
  • Scammers’ goal is to trick recipients into calling a fake support number, then obtaining remote access or stealing financial credentials via a purported PayPal dispute.
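
A mail-triage check for the pattern described above, as an added example that is not from the source article: it flags an invite whose From is Apple's noreply address but whose envelope sender was SRS-rewritten, and whose calendar Notes (the `DESCRIPTION` property) pair a phone number with a payment lure. The sample message, forwarder domain, SRS regex shapes and keyword list are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a captured one); the forwarder domain,
# SRS hash and phone number are made up.
SAMPLE = """\
Return-Path: <list+SRS=a1b2=c3=email.apple.com=noreply@forwarder.example>
From: noreply@email.apple.com
To: user@example.org
Subject: Invitation: Payment notice
Content-Type: text/calendar; charset="utf-8"; method=REQUEST

BEGIN:VCALENDAR
BEGIN:VEVENT
DESCRIPTION:Your PayPal account was charged. To dispute it call
  +1 (555) 010-0199 today.
END:VEVENT
END:VCALENDAR
"""

SRS_LOCAL = re.compile(r"(^|\+)SRS[01]?=", re.I)  # assumed SRS rewrite shapes
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
LURE = re.compile(r"paypal|dispute", re.I)         # assumed keyword list

def invite_notes(msg):
    """Return the DESCRIPTION (Notes) text of the first text/calendar part."""
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        ics = part.get_payload(decode=True).decode("utf-8", "replace")
        ics = re.sub(r"\r?\n[ \t]", "", ics)       # RFC 5545 line unfolding
        m = re.search(r"^DESCRIPTION[^:\n]*:(.*)$", ics, re.M)
        if m:
            return m.group(1).replace("\\n", "\n").replace("\\,", ",")
    return ""

def triage(raw):
    """List which indicators from the write-up are present in one message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    local = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[0]
    notes = invite_notes(msg)
    if sender == "noreply@email.apple.com" and SRS_LOCAL.search(local):
        findings.append("apple-invite-via-srs-forwarder")
    if PHONE.search(notes) and LURE.search(notes):
        findings.append("callback-lure-in-notes")
    return findings
```

Neither finding alone proves fraud, since forwarded legitimate invites also carry SRS envelopes; the two together are a reasonable trigger for quarantine or analyst review.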