iPhone Users Targeted by New iCloud Calendar Phishing Scam
Apple users are being warned about a new phishing scam exploiting iCloud calendar invites to deliver fraudulent emails that appear to originate directly from Apple. Security researchers at BleepingComputer report the scam utilizes legitimate iCloud Calendar features to bypass spam filters and trick users into divulging personal information.
The scam works by sending a calendar invite containing a phishing message. One reported instance involved an email falsely notifying a user of a charge to their PayPal account, complete with a phone number to dispute the payment. Scammers aim to obtain sensitive data – such as account credentials or financial details – when victims call the provided number.
The emails appear especially convincing as they are sent from the official Apple email address, noreply@email.apple.com. BleepingComputer notes that the abuse of Apple’s email servers and the iCloud Calendar invite feature adds a layer of legitimacy, increasing the likelihood of success.
“While there is nothing particularly special about the phishing lure itself, the abuse of the legitimate iCloud Calendar invite feature, Apple’s email servers, and an Apple email address adds a sense of legitimacy to the email and also allows it to perhaps bypass spam filters as it comes from a trusted source,” BleepingComputer reported.
Users are advised to exercise caution with unexpected calendar invites containing unusual messages. Any such invites should be treated as potentially malicious.
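Because these messages really are sent from noreply@email.apple.com, a mail filter has to judge the invite's content instead of its sender. The following is an added example, not code from BleepingComputer or Apple: it pulls the SUMMARY and DESCRIPTION text out of a calendar invite and flags it when a phone number appears alongside payment wording. The phone-number pattern, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

APPLE_SENDER = "noreply@email.apple.com"  # sender address named in the article
# Assumed heuristics (not from the article): phone shape and lure vocabulary.
PHONE_RE = re.compile(r"(?<!\d)\+?1?[\s.(-]*\d{3}[\s.)-]*\d{3}[\s.-]*\d{4}(?!\d)")
LURE_RE = re.compile(r"\b(paypal|charged?|payment|invoice|refund|dispute)\b", re.I)

# Constructed sample message, not a real capture.
SAMPLE = """\
From: noreply@email.apple.com
To: user@example.com
Subject: Invitation
Content-Type: text/calendar; charset=utf-8; method=REQUEST

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Payment notice
DESCRIPTION:Your PayPal account was charged $599.00. To dispute\\, call
  +1 (555) 010-0199.
END:VEVENT
END:VCALENDAR
"""

def invite_text(ics):
    """Return the SUMMARY and DESCRIPTION values of an iCalendar body."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # RFC 5545 line unfolding
    fields = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        if name.split(";")[0].upper() in ("SUMMARY", "DESCRIPTION"):
            fields.append(value.replace("\\n", " ").replace("\\,", ","))
    return " ".join(fields)

def flag_invite(raw_email):
    """Return reasons an invite looks like callback phishing, or []."""
    msg = message_from_string(raw_email)
    text = " ".join(
        invite_text(p.get_payload(decode=True).decode("utf-8", "replace"))
        for p in msg.walk() if p.get_content_type() == "text/calendar")
    reasons = []
    if PHONE_RE.search(text):
        reasons.append("phone number in invite text")
    if LURE_RE.search(text):
        reasons.append("payment/dispute wording in invite text")
    if len(reasons) < 2:
        return []  # require both signals to limit false positives
    if parseaddr(msg.get("From", ""))[1].lower() == APPLE_SENDER:
        reasons.append("sent from Apple's address, so sender checks pass")
    return reasons
```

Calling flag_invite(SAMPLE) returns all three reasons; an ordinary invite from the same address with no phone number or payment wording returns an empty list.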