If you've recently received what looks like a legitimate email from Apple about a PayPal charge you didn't make, don't reach for the phone just yet.
Cybercriminals have found a disturbingly clever way to abuse Apple's own email infrastructure to send convincing phishing messages that bypass security filters and land straight in your inbox.
This sophisticated scam uses iCloud Calendar invites to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them appear completely legitimate with emails coming from noreply@email(.)apple.com and passing all standard security checks.
How this devious scam actually works
The mechanics of this scam are particularly nasty because they exploit trust in Apple's own systems.
When scammers create an iCloud Calendar event and invite external email addresses, Apple's servers automatically send an email invitation from the calendar owner's name using the address noreply@email(.)apple.com, with the phishing text hidden in the 'Notes' field.
The most common version claims recipients have been charged $599 through PayPal, urging them to call a 'support' number to dispute or cancel the charge. What makes this particularly convincing is that the email genuinely comes from Apple's servers, not some dodgy overseas operation.
'The abuse of the legitimate iCloud Calendar invite feature, Apple's email servers, and an Apple email address adds a sense of legitimacy to the email and also allows it to potentially bypass spam filters'
The real danger lies in that phone call
Here's where things get seriously dodgy. When victims call the number, scammers try to scare them into thinking their account was hacked, then ask them to download software or grant remote access to their computer, which has historically been used to steal bank funds, deploy malware, or steal sensitive data.
This callback phishing approach is designed to entrap targets who call the number, where they'll be asked to download something under false pretences, which often turns out to be a remote desktop client or information-stealing malware that will then be used to drain all your accounts.
Red flags that should set off alarm bells
Warning signs of calendar phishing emails
Generic greetings like 'Hello Customer' instead of your name
Claims about charges you didn't make, especially around $599 via PayPal
Urgent language demanding immediate action
Phone numbers to call for 'support' or to 'dispute' charges
The recipient's email address isn't actually yours (often shows a Microsoft 365 address)
Spelling errors in phone numbers (like '+1 +1' instead of just '+1')
These emails typically contain several telltale signs: generic greetings like 'Hello customer' instead of your name, the receiver's email address isn't actually yours, and spelling errors in phone numbers such as twice listing '+1'.
Why this scam is particularly dangerous for iPhone users
Unlike traditional spam that gets filtered out, these messages bypass standard security checks as they appear to come directly from Apple's mail servers, making them more likely to land in targets' inboxes and more likely to be opened.
Spammers and hackers know that most people don't expect spam in their calendar, so they're more likely to open it and less likely to be suspicious of the information and links it may contain, which could then be used to steal credentials and sensitive information or download malware to your device.
The sophistication doesn't stop there. The targeted Microsoft 365 email addresses often act as forwarding mailing lists that distribute the phishing email to multiple recipients, and Microsoft's technical systems allow these forwarded emails to retain their legitimacy, appearing to come directly from Apple's trusted infrastructure.
How to protect yourself from these sneaky invites
Essential protection steps
- Never call phone numbers included in suspicious calendar invites or emails
- Check your actual PayPal account by logging in directly through their official website
- Don't click any links within suspicious calendar events
- Report suspicious calendar invites as junk through iCloud
- Disable automatic calendar invite acceptance in your iPhone settings
- Be extra suspicious of any urgent payment notifications
The golden rule is simple: don't call numbers included in suspicious invitations or emails. If you think there's been a charge, log into your account through official channels—go directly to PayPal's website or app, don't use any links in the suspicious email.
Treat calendar invitations with the same distrust as suspicious emails: did you expect it? Does it pressure you to act now? Does it ask you to install software? You can also disable automatic addition of invitations in Calendar Settings to manually review what gets added.
Getting rid of these persistent calendar pests
If you're already being bombarded with these spam calendar invites, here's how to fight back:
For simple calendar spam:
In the Calendar app, tap the unwanted event, then tap Delete Event. If you want to report an event from an unknown contact, tap Report Junk, then Delete and Report Junk.
For stubborn subscribed calendars:
Open Settings, tap on Calendar (or for older iOS, go to Passwords & Accounts then Accounts), tap on Subscribed Calendars, identify any calendar you don't recognize, tap on it, then tap Delete Account to permanently remove it.
Alternative method that many users swear by:
Long-press the suspicious calendar invite, select 'cut', then you can select 'delete' afterwards—this method has helped many frustrated iPhone users finally get rid of persistent spam.
The bigger picture: calendar spam is evolving
Calendar spam isn't new—Apple even introduced spam reporting features years ago due to previous waves—but the phenomenon has resurfaced with force and new techniques, including cryptocurrency scams with alleged sweepstakes, urgent wallet verifications, or flash investments.
iPhone default settings allow users to receive calendar invites from anyone, even if they're not in your contact list, making it easy for spammers to infiltrate calendars.
It's sensible to ensure none of your devices are set up to auto-accept calendar invites, as this setting can be used as a vulnerability to insert unwanted spam.
A word of warning about these 'legitimate' senders
Don't be fooled by the legitimate sender email address. Besides spoofing sender addresses, criminals are finding other ways to abuse big tech infrastructure and make it look as if an email came from a legitimate company.
The fact that these emails genuinely originate from Apple's systems makes them particularly dangerous. While the lure itself—a fake PayPal receipt—is common, the use of Apple's servers and branding significantly increases the chance of victims falling for the scam.
What to do if you've already been caught
If you've already called one of these numbers or downloaded software at their request, act quickly:
- Immediately run a full antivirus scan on all your devices
- Change passwords for all financial accounts
- Check bank and credit card statements for unauthorised transactions
- Contact your bank to alert them about potential fraud
- Consider temporarily freezing your credit if you shared personal information
Remember, legitimate companies like PayPal will never ask you to download software or grant remote access to resolve billing issues. When in doubt, hang up and contact the company directly using official contact details from their website.
Have you encountered suspicious calendar invites on your iPhone? Share your experience and help warn other members of our community about these increasingly sophisticated scams.
Original Article
https://www.dailymail.co.uk/sciencetech/article-15077959/iPhone-scam-paypal-bank-accounts.html
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers...
Excerpt: This sophisticated scam uses iCloud Calendar invites to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them appear completely legitimate with emails coming from noreply@email…
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: The lure in this email is a typical callback phishing scam, but what was strange was that it was sent from [email protected], passing the SPF, D...
Excerpt: This sophisticated scam uses iCloud Calendar invites to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them appear completely legitimate with emails coming from noreply@email…
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: When the iCloud Calendar event is created and external people are invited, an email invitation is sent from Apple's servers at email.apple.com from th...
Excerpt: When scammers create an iCloud Calendar event and invite external email addresses, Apple's servers automatically send an email invitation from the calendar owner's name using the address [email protected]…
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar infrastructure abused in PayPal phishing campaign | Malwarebytes
Cited text: This happens because it is an iCloud Calendar invite, with the phishing text written in the “Notes” field.
Excerpt: When scammers create an iCloud Calendar event and invite external email addresses, Apple's servers automatically send an email invitation from the calendar owner's name using the address [email protected]…
https://www.malwarebytes.com/blog/n...astructure-abused-in-paypal-phishing-campaign
iCloud Calendar infrastructure abused in PayPal phishing campaign | Malwarebytes
Cited text: When creating such an iCloud Calendar event with external people added to the invite, an email is sent from Apple’s servers from the iCloud Calendar o...
Excerpt: When scammers create an iCloud Calendar event and invite external email addresses, Apple's servers automatically send an email invitation from the calendar owner's name using the address [email protected]…
https://www.malwarebytes.com/blog/n...astructure-abused-in-paypal-phishing-campaign
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: The goal of these emails is to trick recipients into thinking their PayPal account was fraudulently charged to make a purchase and scare the email rec...
Excerpt: The most common version claims recipients have been charged $599 through PayPal, urging them to call a 'support' number to dispute or cancel the charge
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar Invites Abused to Send Callback Phishing Emails via Apple Servers | Black Hat Ethical Hacking
Cited text: The phishing email claimed the recipient had been billed $599 through PayPal, urging them to call a “support” number to dispute or cancel the charge.
Excerpt: The most common version claims recipients have been charged $599 through PayPal, urging them to call a 'support' number to dispute or cancel the charge
https://www.blackhatethicalhacking....d-callback-phishing-emails-via-apple-servers/
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: When calling the number, a scammer will try to scare you into thinking your account was hacked or that they need to connect to your computer to initia...
Excerpt: When victims call the number, scammers try to scare them into thinking their account was hacked, then ask them to download software or grant remote access to their computer, which has historically been used to steal bank funds, deploy…
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar Invites Abused to Send Callback Phishing Emails via Apple Servers | Black Hat Ethical Hacking
Cited text: Once on the phone, scammers attempt to persuade targets to install remote access tools. Historically, such scams have been used not to issue refunds b...
Excerpt: When victims call the number, scammers try to scare them into thinking their account was hacked, then ask them to download software or grant remote access to their computer, which has historically been used to steal bank funds, deploy…
https://www.blackhatethicalhacking....d-callback-phishing-emails-via-apple-servers/
iCloud Calendar infrastructure abused in PayPal phishing campaign | Malwarebytes
Cited text: A call-back phishing campaign is usually set up to entrap targets that decide to call the number listed in the invitation. They’ll be asked to downloa...
Excerpt: This callback phishing approach is designed to entrap targets who call the number, where they'll be asked to download something under false pretences, which often turns out to be a remote desktop client or information-stealing malware that…
https://www.malwarebytes.com/blog/n...astructure-abused-in-paypal-phishing-campaign
iCloud Calendar infrastructure abused in PayPal phishing campaign | Malwarebytes
Cited text: The email has many of the usual signs of a phishing mail: ... Generic greetings: “Hello customer” and not your name. The receiver’s email address is n...
Excerpt: These emails typically contain several telltale signs: generic greetings like 'Hello customer' instead of your name, the receiver's email address isn't actually yours, and spelling errors in phone numbers such as twice listing '+1'
https://www.malwarebytes.com/blog/n...astructure-abused-in-paypal-phishing-campaign
These iCloud Calendar invites look legitimate but are tricky phishing attacks—here’s how to tell | Tom's Guide
Cited text: ]com which means these messages can bypass standard security checks as they appear to come directly from Apple’s mail servers. As a result, they’re mo...
Excerpt: these messages bypass standard security checks as they appear to come directly from Apple's mail servers, making them more likely to land in targets' inboxes and more likely to be opened
https://www.tomsguide.com/computing...are-tricky-phishing-attacks-heres-how-to-tell
How To Stop & Remove iPhone Calendar Spam
Cited text: Spammers and hackers know that most people don’t expect spam in their calendar, so they are more likely to open it and less likely to be suspicious of...
Excerpt: Spammers and hackers know that most people don't expect spam in their calendar, so they're more likely to open it and less likely to be suspicious of the information and links it may contain, which could then be used to steal credentials…
https://www.kaspersky.com/resource-center/threats/how-to-get-rid-of-calendar-virus
iCloud Calendar abused to send phishing emails from Apple’s servers
Cited text: Similar to a previous phishing campaign that utilized PayPal's 'New Address' feature, it is believed that the Microsoft 365 email address to which the...
Excerpt: The targeted Microsoft 365 email addresses often act as forwarding mailing lists that distribute the phishing email to multiple recipients, and Microsoft's technical systems allow these forwarded emails to retain their legitimacy,…
https://www.bleepingcomputer.com/ne...-to-send-phishing-emails-from-apples-servers/
iCloud Calendar Invites Abused to Send Callback Phishing Emails via Apple Servers | Black Hat Ethical Hacking
Cited text: The targeted address, a Microsoft 365 email account, acted as a forwarding mailing list, distributing the phishing email to multiple recipients.
Excerpt: The targeted Microsoft 365 email addresses often act as forwarding mailing lists that distribute the phishing email to multiple recipients, and Microsoft's technical systems allow these forwarded emails to retain their legitimacy,…
https://www.blackhatethicalhacking....d-callback-phishing-emails-via-apple-servers/
iCloud Calendar Invites Abused to Send Callback Phishing Emails via Apple Servers | Black Hat Ethical Hacking
Cited text: However, Microsoft 365’s Sender Rewriting Scheme (SRS) rewrites the return path so that forwarded emails can still pass authentication. This allowed t...
Excerpt: The targeted Microsoft 365 email addresses often act as forwarding mailing lists that distribute the phishing email to multiple recipients, and Microsoft's technical systems allow these forwarded emails to retain their legitimacy,…
https://www.blackhatethicalhacking....d-callback-phishing-emails-via-apple-servers/
Phishing in iCloud Calendar: This is how fake purchases slip through the net and bypass filters.
Cited text: Don't call to numbers included in invitations or suspicious emails. If you think there's been a charge, log into your account (PayPal, bank, etc.) thr...
Excerpt: The golden rule is simple: don't call numbers included in suspicious invitations or emails.
https://en.soydemac.com/phishing-en...cuelan-falsas-compras-que-burlan-los-filtros/
Phishing in iCloud Calendar: This is how fake purchases slip through the net and bypass filters.
Cited text: Treat calendar invitations with the same distrust an email: did you expect it?, does it pressure you to act now?, does it ask you to install software?...
Excerpt: Treat calendar invitations with the same distrust as suspicious emails: did you expect it?
https://en.soydemac.com/phishing-en...cuelan-falsas-compras-que-burlan-los-filtros/
Delete calendars and events on iPhone—Apple Support
Cited text: In the Calendar app, tap the unwanted event. Tap Delete Event. Or if you want to report an event from an unknown contact, tap Report Junk, then Delete...
Excerpt: In the Calendar app, tap the unwanted event, then tap Delete Event. If you want to report an event from an unknown contact, tap Report Junk, then Delete and Report Junk
https://support.apple.com/en-us/102444
How to delete and stop iPhone calendar spam | Asurion
Cited text: Open the Settings app on your iPhone. Tap on Calendar, or for iOS 13, go to Passwords & Accounts and tap on Accounts. Tap on Subscribed Calendars. Ide...
Excerpt: Open Settings, tap on Calendar (or for older iOS, go to Passwords & Accounts then Accounts), tap on Subscribed Calendars, identify any calendar you don't recognize, tap on it, then tap Delete Account to permanently remove it
https://www.asurion.com/connect/tech-tips/how-to-delete-iphone-calendar-spam/
Spam iphone calendar invites that I canno… - Apple Community
Cited text: The only way I’ve been able to delete them is to long press the invite, select “cut”, then you can select “delete” afterwards.
Excerpt: Long press the suspicious calendar invite, select 'cut', then you can select 'delete' afterwards
https://discussions.apple.com/thread/255377055
Phishing in iCloud Calendar: This is how fake purchases slip through the net and bypass filters.
Cited text: Spam invitations in Apple Calendar are nothing new: a wave so intense that the company introduced the option to spam invites was recorded years ago.
Excerpt: Calendar spam isn't new—Apple even introduced spam reporting features years ago due to previous waves—but the phenomenon has resurfaced with force and new techniques, including cryptocurrency scams with alleged sweepstakes, urgent…
https://en.soydemac.com/phishing-en...cuelan-falsas-compras-que-burlan-los-filtros/
Phishing in iCloud Calendar: This is how fake purchases slip through the net and bypass filters.
Cited text: Even so, the phenomenon has resurfaced with force and new themes. In parallel to the fake purchases, the presence of cryptocurrency scams: alleged swe...
Excerpt: Calendar spam isn't new—Apple even introduced spam reporting features years ago due to previous waves—but the phenomenon has resurfaced with force and new techniques, including cryptocurrency scams with alleged sweepstakes, urgent…
https://en.soydemac.com/phishing-en...cuelan-falsas-compras-que-burlan-los-filtros/
How To Stop & Remove iPhone Calendar Spam
Cited text: iPhone default settings allow users to receive calendar invites from anyone, even if they are not in your contact list, which makes it easy for spamme...
Excerpt: iPhone default settings allow users to receive calendar invites from anyone, even if they're not in your contact list, making it easy for spammers to infiltrate calendars.
https://www.kaspersky.com/resource-center/threats/how-to-get-rid-of-calendar-virus
How To Stop & Remove iPhone Calendar Spam
Cited text: It is also sensible to ensure that none of your devices are set up to auto-accept calendar invites. Although this setting can be convenient for busy p...
Excerpt: iPhone default settings allow users to receive calendar invites from anyone, even if they're not in your contact list, making it easy for spammers to infiltrate calendars.
https://www.kaspersky.com/resource-center/threats/how-to-get-rid-of-calendar-virus
iCloud Calendar infrastructure abused in PayPal phishing campaign | Malwarebytes
Cited text: Don’t be fooled by the legitimate sender email address. Besides spoofing a sender email address, criminals are finding other ways to abuse big tech in...
Excerpt: Don't be fooled by the legitimate sender email address. Besides spoofing sender addresses, criminals are finding other ways to abuse big tech infrastructure and make it look as if an email came from a legitimate company
https://www.malwarebytes.com/blog/n...astructure-abused-in-paypal-phishing-campaign
iCloud Calendar Invites Abused to Send Callback Phishing Emails via Apple Servers | Black Hat Ethical Hacking
Cited text: While the lure itself — a fake PayPal receipt — is common, the use of Apple’s servers and branding significantly increases the chance of victims falli...
Excerpt: While the lure itself—a fake PayPal receipt—is common, the use of Apple's servers and branding significantly increases the chance of victims falling for the scam
https://www.blackhatethicalhacking....d-callback-phishing-emails-via-apple-servers/
Seniors Discount Club
Latest Articles
-
-
The $9 Bunnings secret that's been hiding in the paint aisle for decades
- Started by Gian T
- Replies: 0
-
Sydney once produced its own food – but urban development has devoured the city’s food bowl
- Started by The Conversation
- Replies: 0
-
Cash or card? Why those extra fees are hitting your wallet harder than ever
- Started by Gian T
- Replies: 0
-
Only in Australia! How a runaway sheep was safely strapped into a car seat
- Started by Maan
- Replies: 0
