The calendar within iCloud appears to be a new target for cybercriminals carrying out phishing campaigns. Researchers have reported that invitations from Apple’s calendar are being misused to send fraudulent emails posing as payment notifications.
This is according to BleepingComputer, which received reports from victims. The scammers send an invitation that looks like a normal calendar notification, but the notes contain a message that purports to be from PayPal. It claims that an amount of $599 has been charged and that the recipient must call a specified phone number to correct this. Anyone who calls is put through to a supposed employee who tries to convince the caller that their account has been hacked or that software needs to be installed to enable a refund. In reality, this is an attempt to gain access to the victim’s computer or bank details.
What makes this attack unusual is that the emails do not originate from obscure servers. They are sent directly through Apple’s infrastructure. Because the mail genuinely leaves Apple’s servers, the sender address noreply@email.apple.com passes the usual authentication checks such as SPF, DKIM, and DMARC. This makes the invitation appear legitimate and increases the likelihood that spam filters will let the message through.
Messages difficult to block
According to BleepingComputer’s analysis, a Microsoft 365 address is used as a conduit. This address is likely part of a mailing list that automatically forwards the invitations to multiple recipients. Microsoft then rewrites the envelope sender (return path) of the forwarded mail using the Sender Rewriting Scheme (SRS), so the messages still pass authentication checks at the receiving end. As a result, the fraudulent messages not only appear credible, but are also technically difficult to block on sender reputation alone.
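Because the sender, SPF, DKIM and DMARC all check out, a defender cannot rely on authentication results to catch this pattern; the signal is in the combination of a legitimate calendar-service sender, an SRS-rewritten return path, and invite notes that pair a charged amount with a phone number to call. The following is an added example (not code from BleepingComputer, Apple or Microsoft) of a mail-gateway or SIEM enrichment check that scores a calendar invitation on exactly those indicators. The sample invite, the `example-list.onmicrosoft.com` forwarding domain, the phone number and the amount are all constructed placeholders; only the `noreply@email.apple.com` sender comes from the report.

```python
import re
from email import message_from_string

# Constructed sample modelled on the reported campaign: iCloud invite, SRS-rewritten
# return path from a Microsoft 365 forwarder, all auth checks passing, and notes
# that carry a fake payment claim. The amount and phone number are placeholders.
SAMPLE_INVITE = """\
Return-Path: <SRS0=abcd=XY=email.apple.com=noreply@example-list.onmicrosoft.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-list.onmicrosoft.com; dkim=pass header.d=email.apple.com; dmarc=pass header.from=email.apple.com
From: iCloud <noreply@email.apple.com>
To: victim@example.net
Subject: Invitation: Payment receipt
Content-Type: text/calendar; method=REQUEST

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:Payment receipt
DESCRIPTION:PayPal: An amount of $599 has been charged to your account. If you
  did not authorize this\\, call +1-555-0100 immediately to cancel.
END:VEVENT
END:VCALENDAR
"""

# A benign invite through the same path, used to show the check does not fire on
# ordinary calendar traffic (also constructed).
BENIGN_INVITE = SAMPLE_INVITE.split("BEGIN:VCALENDAR")[0] + """\
BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:Team lunch
DESCRIPTION:Lunch at the usual place\\, bring the slides.
END:VEVENT
END:VCALENDAR
"""

CALENDAR_SERVICE_SENDERS = {"noreply@email.apple.com"}   # from the report
SRS_RE = re.compile(r"^SRS[01]=", re.I)                   # SRS0=/SRS1= rewritten envelope sender
AMOUNT_RE = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{7,}\d")
CALL_RE = re.compile(r"\b(call|phone|dial)\b", re.I)
PAYMENT_RE = re.compile(r"\b(paypal|invoice|charged|refund|payment)\b", re.I)


def unfold_ical(text: str) -> str:
    """Undo RFC 5545 line folding (CRLF followed by one space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text)


def extract_description(ical: str) -> str:
    """Return the DESCRIPTION value with iCalendar escapes removed.

    Handles the plain 'DESCRIPTION:' form; property parameters such as ALTREP
    are not parsed here (assumption for this example).
    """
    for line in unfold_ical(ical).splitlines():
        if line.upper().startswith("DESCRIPTION"):
            value = line.split(":", 1)[1]
            return value.replace("\\n", " ").replace("\\,", ",").replace("\\;", ";")
    return ""


def analyse_invite(raw_message: str):
    """Score a raw RFC 822 message that carries a text/calendar invite.

    Returns (suspicious, findings). The verdict requires a calendar-service
    sender AND at least two content indicators in the notes, so passing
    authentication alone never triggers it.
    """
    msg = message_from_string(raw_message)
    findings = []

    from_header = msg.get("From") or ""
    m = re.search(r"<([^>]+)>", from_header)
    from_addr = (m.group(1) if m else from_header).strip().lower()
    if from_addr in CALENDAR_SERVICE_SENDERS:
        findings.append("from-calendar-service")

    return_path = (msg.get("Return-Path") or "").strip("<> ")
    if SRS_RE.search(return_path):
        findings.append("srs-rewritten-return-path")

    if "dmarc=pass" in (msg.get("Authentication-Results") or "").lower():
        findings.append("dmarc-pass")          # recorded for context, not a trust signal

    if msg.get_content_type() == "text/calendar":
        notes = extract_description(msg.get_payload())
        if AMOUNT_RE.search(notes):
            findings.append("money-amount-in-notes")
        if PHONE_RE.search(notes) and CALL_RE.search(notes):
            findings.append("call-to-phone-in-notes")
        if PAYMENT_RE.search(notes):
            findings.append("payment-language-in-notes")

    content_hits = sum(1 for f in findings if f.endswith("in-notes"))
    suspicious = "from-calendar-service" in findings and content_hits >= 2
    return suspicious, findings


if __name__ == "__main__":
    for label, invite in (("phish", SAMPLE_INVITE), ("benign", BENIGN_INVITE)):
        print(label, analyse_invite(invite))
```

The DMARC result is deliberately recorded but not weighted: in this campaign it is true for both the fraudulent and the benign invite, which is the whole point of the report. In a real gateway the content indicators would feed a quarantine or user-warning rule rather than a hard block, since genuine invoices can also mention amounts and phone numbers.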
Although the phishing concept itself is not new, the combination of Apple’s legitimate calendar invitations and Microsoft’s forwarding mechanism creates a credible façade. Cybercriminals are once again demonstrating their ability to find creative ways to exploit existing features of large technology companies for fraud. According to BleepingComputer, Apple has not responded to questions about this abuse.