Attackers are abusing iCloud Calendar invites to send phishing messages that pose as PayPal notifications, BleepingComputer reports. Since the messages are sent from Apple’s infrastructure, they’re more likely to bypass security filters.
BleepingComputer explains, “This email is actually an iCloud Calendar invite, where the threat actor included the phishing text within the Notes field and then invited a Microsoft 365 email address that they controlled. When the iCloud Calendar event is created and external people are invited, an email invitation is sent from Apple's servers at email.apple.com from the iCloud Calendar owner's name with the email address ‘noreply@email[.]apple[.]com.’”
The email informs the recipient of a six-hundred-dollar charge on their PayPal account, and tells them to call a phone number if they want to cancel the charge. The messages state:
“Hello Customer, Your PayPal account has been billed $599.00. We're confirming receipt of your recent payment. If you wish to discuss or make changes to this payment, please contact our support team at [phone number]. Contact us to cancel at [same number].”
If a user calls the number, the scammer will try to convince them to hand over their credentials or install a remote access tool that will grant the attacker control over their computer.
“While there is nothing particularly special about the phishing lure itself, the abuse of the legitimate iCloud Calendar invite feature, Apple's email servers, and an Apple email address adds a sense of legitimacy to the email and also allows it to potentially bypass spam filters as it comes from a trusted source,” BleepingComputer says. “As a general rule, if you receive an unexpected Calendar invite with a strange message within it, it should be treated with caution.”
Attackers are always looking for new ways to bypass technical security controls. AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
BleepingComputer has the story.
Here's how it works:
