- Emails come from Apple servers, bypassing SPF, DKIM and DMARC checks
- Scam asks the victims to call a support number for a fake refund
- Scammers pressure users to download remote access tools onto their systems
Apple users are now facing an unusual phishing campaign that utilizes iCloud calendar invitations.
Unlike traditional scams that send emails from random servers, these messages are sent through Apple’s own infrastructure.
This gives them immediate credibility and makes it harder for spam filters and the best ransomware protection systems to stop them.
How the trick works
According to BleepingComputer, the scam works by inserting a phishing message into the notes field of a calendar invitation.
Once the invitation is created, Apple automatically sends it as an email from its trusted servers.
This means that the message passes critical checks such as SPF, DKIM and DMARC, giving the appearance of a legitimate Apple email.
In a reported case, the calendar invitation was sent to a Microsoft 365 address controlled by attackers.
From there, it was automatically forwarded to a mailing list, which multiplied the reach of the scam.
Because Microsoft uses the Sender Rewriting Scheme to keep the messages valid, the phishing email arrived looking authentic.
The lure itself was simple but effective. Victims were told they had been charged $599 via PayPal.
The message urged them to call a support number to resolve the charge.
On the surface it looks routine, but the real goal is to get victims to call the scammers directly.
When a person calls the number, the scammers try to push them to download remote access tools.
Under the pretense of processing a refund, the attacker then connects to the victim’s system.
At that point, they can try to drain bank accounts, plant malicious files or steal personal data.
The alarming part is not the lure itself, which is a well-known tactic. It is the way attackers turned Apple’s own calendar service into a delivery tool.
By using the [email protected] address, the emails gain a sense of trust and can slip past even cautious users.
Apple has not publicly addressed this specific abuse. Until more direct protections are in place, the burden falls on users to stay alert.
Some scams like this also depend on installing hidden software that requires malware removal later.
For this campaign, the best antivirus alone is not enough: email authentication systems worked as designed, but the abuse of a trusted platform meant the scam still got through.
How to remain safe
- Treat any unexpected calendar invitation with caution, especially if it mentions payments or support hotlines.
- Do not call phone numbers included in suspicious calendar invitations.
- Keep your devices up to date and run an antivirus with strong malware removal features.
- Use reliable ransomware protection and perform routine system checks to protect sensitive accounts.
- If an invitation looks suspicious, delete it rather than interacting with it.
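For mail administrators, the pattern described above (a calendar invitation whose notes field mentions a payment and a phone number, arriving with passing SPF, DKIM and DMARC results) can be checked on the content itself. The following is an added example, not code from the article or from Apple; the sample message, sender address, phone number and keyword list are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: an invitation email whose notes (DESCRIPTION) carry the lure.
# Sender, receiving host and phone number are invented for illustration.
SAMPLE = """\
From: calendar-sender@example.com
Subject: Invitation: Purchase Invoice
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Purchase Invoice
DESCRIPTION:Your PayPal account was charged $599.00. If you did not make
  this payment\\, call support at +1 (800) 555-0199 for a refund.
END:VEVENT
END:VCALENDAR
"""

PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")                  # loose phone-number shape
LURE = re.compile(r"charged|refund|payment|invoice", re.I)    # assumed keyword list

def description(ics):
    # RFC 5545 unfolding: a line break followed by one space or tab continues the line.
    for line in re.sub(r"\r?\n[ \t]", "", ics).splitlines():
        name, _, value = line.partition(":")
        if name.split(";")[0].upper() == "DESCRIPTION":
            return value.replace("\\n", " ").replace("\\,", ",")
    return ""

def assess(raw):
    """Return one finding per calendar part whose notes pair a payment lure with a phone number."""
    msg = message_from_string(raw)
    auth = (msg.get("Authentication-Results") or "").lower()
    auth_passed = all(f"{k}=pass" in auth for k in ("spf", "dkim", "dmarc"))
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        notes = description(part.get_payload(decode=True).decode("utf-8", "replace"))
        phones = PHONE.findall(notes)
        if phones and LURE.search(notes):
            # Passing SPF/DKIM/DMARC does not clear the message: the content decides.
            findings.append({"auth_passed": auth_passed, "phones": phones})
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A finding with `auth_passed` set to true is the case this campaign relies on, so it is a reason to quarantine or tag the invitation rather than to trust it.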



