Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

      July 16, 2026

      Washington’s Intel Gamble Begins Delivering Strategic Results

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026
      • AI

        Washington’s Intel Gamble Begins Delivering Strategic Results

        July 16, 2026

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Record Industry Pushes for AI Labels on Streaming Music

        July 15, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026
      • Security

        Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

        July 16, 2026

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026

        EU Lawmakers Advance Controversial Private Message Scanning Measure Despite Mounting Privacy Concerns

        July 12, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Phishers Hijack iCloud Calendar Invites to Mask Callback Scams Using Apple & Microsoft Infrastructure
      Tech

      Phishers Hijack iCloud Calendar Invites to Mask Callback Scams Using Apple & Microsoft Infrastructure

      Updated:February 21, 20263 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Phishers Hijack iCloud Calendar Invites to Mask Callback Scams Using Apple & Microsoft Infrastructure
      Phishers Hijack iCloud Calendar Invites to Mask Callback Scams Using Apple & Microsoft Infrastructure
      Share
      Facebook Twitter LinkedIn Pinterest Email

      Scammers are exploiting Apple‘s iCloud Calendar system to send callback phishing emails that appear to originate from Apple’s own mail servers—complete with valid SPF, DKIM, and DMARC authentication—making them much more likely to bypass spam filters and land directly in users’ inboxes. The scam works by embedding phishing text in the Notes field of an iCloud Calendar event, which is then sent from noreply@email.apple.com, inviting a Microsoft 365 address that likely serves as a mailing list to forward the invite to multiple targets. Microsoft’s Sender Rewriting Scheme (SRS) allows the malicious invite to retain its authenticated appearance even after forwarding. Victims are lured by a fake PayPal payment notice and instructed to call a number, where they are pressured into installing remote access tools—often leading to malware infections, stolen data, or drained bank accounts. 

      Sources: Bleeping Computer, Malwarebytes, Bitdefender

      Key Takeaways

      – Trusted Infrastructure Misused: Attackers are abusing legitimate systems—Apple’s iCloud Calendar and Microsoft’s email forwarding—to make phishing attempts appear authentic and evade spam detection.

      – Effective Social Engineering: Posing as urgent PayPal payment notices, these phishing emails press victims to call a malicious support line, where they’re tricked into granting remote access or downloading harmful software.

      – Stay Vigilant with Unexpected Invites: Treat any surprise calendar invites—especially those with odd messages or supposed financial content—as potential scams, and verify through trusted channels before responding.

      In-Depth

      Scammers are stepping up their game by weaponizing a seemingly benign feature—Apple’s iCloud Calendar—to deliver phishing lures that slide right into users’ inboxes with alarming legitimacy. By embedding their deceptive message in the Notes field of a calendar event, attackers exploit Apple’s trusted domain (noreply@email.apple.com) to pass all major email authentication checks—SPF, DKIM, and DMARC—convincingly, as reported by Bleeping Computer. 

      The scheme doesn’t stop there. The phony invite is sent to a Microsoft 365 address likely created as part of a mailing list; as it forwards the invite to intended victims, Microsoft’s Sender Rewriting Scheme (SRS) retools the return path, enabling the forwarded email to continue passing SPF validation. Meanwhile, the “From” address still reads as Apple, helping the phishing message dodge detection systems. 

      Victims typically receive what looks like a PayPal receipt—such as a $599 charge—and are urged to call a support number to “dispute” or “cancel” it. Once they call, attackers employ scare tactics, asking to connect remotely or install software—often leading to data theft, malware infections, or drained accounts. 

      This attack demonstrates how social engineering paired with technical subversion of trusted platforms can be astoundingly effective. To protect yourself, never respond directly to unexpected calendar invites; instead, log in to the relevant service (like PayPal) directly via your browser, enable two-factor authentication, and report phishing attempts to proper channels. Above all, treat unsolicited calendar messages with the same scrutiny you’d reserve for suspicious emails—because today’s threat actors are counting on your guard being down.

      Apple Microsoft
      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticlePeter Thiel’s ‘Tech Bilderberg’ Group Plans Expansion
      Next Article Phoenix Attack: New RowHammer Variant Exposes DDR5 Memory to Rapid Breach

      Related Posts

      Washington’s Intel Gamble Begins Delivering Strategic Results

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Record Industry Pushes for AI Labels on Streaming Music

      July 15, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Popular Topics
      Sundar Pichai Space Tesla Cybertruck Startup starlink Software Viral Satya Nadella Tim Cook trending Series B Taiwan Tech UAE Tech spotlight Stocks Series A Samsung SpaceX Tesla Satellite
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.