- Emails come from Apple servers, bypassing SPF, DKIM and DMARC checks
- The scam asks victims to call a support number for a fake refund
- Scammers pressure users to download remote access tools onto their systems
Apple users now face an unusual phishing campaign that exploits iCloud Calendar invitations.
Unlike traditional scams that send emails from random servers, these messages are sent through Apple’s own infrastructure.
This gives them instant credibility and makes it more difficult for spam filters and the best ransomware protection systems to stop them.
How the trick works
According to BleepingComputer, the scam works by inserting a phishing message in the notes field of a calendar invitation.
Once the invitation is created, Apple automatically sends it as an email from its trusted servers.
That means the message passes critical checks such as SPF, DKIM and DMARC, giving it the appearance of a legitimate email from Apple.
In one reported case, the calendar invitation was sent to a Microsoft 365 address controlled by the attackers.
From there, it was automatically sent on to a mail group, multiplying the reach of the scam.
Since Microsoft uses the Sender Rewriting Scheme to keep messages valid, the phishing email kept an authentic appearance.
The lure itself was simple but effective. The victims were told that they had been charged $599 via PayPal.
The message urged them to call a support number to resolve the issue.
On the surface, it seems routine, but the real objective is to make the victims call the scammers directly.
Once a person dials the number, the scammers try to pressure them into downloading remote access tools.
Under the pretext of issuing a refund, the attackers connect to the victim’s system.
At that point, they can try to drain bank accounts, plant malicious files or steal personal data.
The alarming part is not the callback scam itself, which is a familiar tactic. It is the way the attackers turned Apple’s own calendar service into a delivery tool.
By using the address [email protected], the emails gain a sense of trust and can even slip past users.
Apple has not publicly addressed this specific abuse. Until there are more direct safeguards, the burden falls on users to stay alert.
Some scams such as this also depend on the installation of hidden software that requires complete malware removal later.
For this campaign, the best antivirus alone is not enough. Email authentication systems worked as designed, but the abuse of a trusted platform meant that the scam still got through.
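Because these invitations pass SPF, DKIM and DMARC, a mail filter has to look at the invitation content itself. The following added example (not from the original article, BleepingComputer or Apple) parses the notes (DESCRIPTION) field of an iCalendar invitation and flags a phone number paired with payment-lure wording; the keyword list, patterns, function names and sample invites are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions for this example; tune them for real mail flow).
LURE = re.compile(r"\b(paypal|charged?|refund|invoice|payment|support)\b", re.I)
AMOUNT = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
PHONE = re.compile(r"(?<!\d)\+?\d[\d\s().-]{8,}\d(?!\d)")
DESC = re.compile(r'DESCRIPTION((?:;(?:"[^"]*"|[^":;])*)*):(.*)', re.I | re.S)

def unfold(ics):
    """RFC 5545 unfolding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()

def notes_field(ics):
    """Return the unescaped DESCRIPTION (notes) text of every VEVENT, joined."""
    out, in_event = [], False
    for line in unfold(ics):
        if line.upper() == "BEGIN:VEVENT":
            in_event = True
        elif line.upper() == "END:VEVENT":
            in_event = False
        elif in_event and (m := DESC.fullmatch(line)):
            # TEXT escapes: \n or \N is a newline; \\ \; \, are literal characters.
            out.append(re.sub(r"\\(.)", lambda e: "\n" if e[1] in "nN" else e[1], m[2]))
    return "\n".join(out)

def assess_invite(ics):
    """Flag invites whose notes pair a phone number with payment-lure wording."""
    notes = notes_field(ics)
    # Require at least 10 digits so short numeric runs are not treated as phones.
    phones = [p for p in PHONE.findall(notes) if len(re.sub(r"\D", "", p)) >= 10]
    lures = sorted({w.lower() for w in LURE.findall(notes)})
    amount = AMOUNT.search(notes)
    return {"phones": phones, "lures": lures,
            "amount": amount.group(0) if amount else None,
            "suspicious": bool(phones) and bool(lures or amount)}

# Constructed sample invites (not real messages); 555-01xx numbers are fictional.
LURE_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Purchase Invoice\r\n"
            "DESCRIPTION:Hello Customer\\, your PayPal account was charged $599.00.\r\n"
            "  To cancel call support at +1 (202) 555-0143\\nThank you\r\n"
            "END:VEVENT\r\nEND:VCALENDAR\r\n")
BENIGN_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Team sync\r\n"
              "DESCRIPTION:Agenda in the shared doc\\; room 4.\r\n"
              "END:VEVENT\r\nEND:VCALENDAR\r\n")

if __name__ == "__main__":
    print(assess_invite(LURE_ICS))
    print(assess_invite(BENIGN_ICS))
```

The check is content-based on purpose: the sender domain and authentication results are not consulted, since in this campaign they all look legitimate.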
How to stay safe
- Treat any unexpected calendar invitation with caution, especially if it mentions payments or support hotlines.
- Do not call the phone numbers included in suspicious calendar invitations.
- Keep your devices updated and run an antivirus with strong malware removal features.
- Use reliable ransomware protection and perform routine system checks to protect confidential accounts.
- If an invitation seems suspicious, delete it instead of interacting with it.