Apple Calendar Trick Used in PayPal Phishing Scam
Emails which appear to come from Apple email servers may be carefully crafted spam. Scammers have found a way to abuse Apple's calendar tools to disguise the spam and bypass filters.
The spam is getting to many more recipients than usual as the messages appear to come from the user noreply[@]email.apple.com. It appears to be convincing enough that some spam filter systems are treating it as coming from a legitimate source within Apple, which is clearly not something most people would want blocked.
The trick behind the spam is that the original message isn't sent as a standard email. Instead it's technically an event invite created and sent in Apple's iCloud calendar tool. The invite is sent to a mailing list that is set to redirect messages to a huge number of people.
Microsoft Exploited
The scam works because the mailing list uses a Microsoft 365 account for the supposed sender, a tactic which exploits a technical measure that makes email forwarding less problematic. (Source: bleepingcomputer.com)
The outcome is somewhat complicated, but in very simple terms Microsoft thinks everything is legitimate because Microsoft appears to be the sender, while everyone else thinks it's legitimate because it comes from Apple.
The invite is crafted to look like a normal email message, with the most common version of the scam being a bogus payment receipt that supposedly involves money being taken out of the recipient's PayPal account for a purchase they never made.
"Call Back" Scam
The message includes a phone number to call if the payment is incorrect. That's actually a way to get the victim on the phone, most likely to trick them into giving Indian scammers remote access to their computer, supposedly to install software either to "initiate a refund" or to fix supposed account hacking. Such scams are known as "call-back phishing" campaigns.
Creative as the specific tactics for distributing the message are, the core of the scam is extremely familiar. While spam filtering can reduce the number of scam messages people receive, it's still important to watch out for suspicious signs such as unsolicited messages creating a sense of urgency or asking people to click a link or call a number. (Source: malwarebytes.com)
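The warning signs described above can be checked mechanically when triaging a reported message. The following is an added example, not code from this article or its sources: it flags a calendar invite whose text carries a payment lure and a call-back number, and notes when the envelope sender no longer matches the visible From address. The indicator names, regular expressions and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LURE = re.compile(r"paypal|payment|receipt|invoice|refund", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # loose match for a dialable number

def domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def indicators(raw):
    """Return the set of call-back-invite indicators found in a raw message."""
    msg = message_from_string(raw)
    found, text = set(), []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get_content_type() == "text/calendar":
            found.add("calendar_invite")
        data = part.get_payload(decode=True) or b""
        text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    # Relayed through a list: envelope sender differs from the visible From.
    rp = domain(msg["Return-Path"])
    if rp and rp != domain(msg["From"]):
        found.add("relayed_sender")
    if LURE.search(body):
        found.add("payment_lure")
    if PHONE.search(body):
        found.add("callback_number")
    return found

def is_callback_invite(raw):
    """True when an invite carries both a payment lure and a number to call."""
    return {"calendar_invite", "payment_lure", "callback_number"} <= indicators(raw)

# Constructed samples, not real captures; list address and number are placeholders.
TEMPLATE = """\
Return-Path: <bounce@list.example.org>
From: noreply@email.apple.com
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
DESCRIPTION:{notes}
END:VCALENDAR
"""
SCAM = TEMPLATE.format(notes="PayPal payment of $599.00. If incorrect, call +1 (555) 010-0199")
BENIGN = TEMPLATE.format(notes="Team lunch on Friday")
```

Because the invite really is sent from Apple's servers, the check keys on the content of the invite rather than on the From domain; `relayed_sender` alone is common for ordinary mailing-list traffic and is reported only as context.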
What's Your Opinion?
Have you spotted any of these emails? How good is your email provider at filtering out spam? Have you ever received a suspicious email that turned out to be legitimate?

My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website!


Comments
Different Email Servers have different results
So I have email accounts with Juno, AOL, Google and Yahoo. I HAVE received many of the noreply@bla,blah,bla requesting a phone call or "click here" and virtually 100% were on my AOL email. We depend a lot on these servers to siphon off the crapmail for us and most do a pretty fair job, considering how much they have to contend with. But the reality is that it is OUR responsibility to make sure the stuff coming in is legitimate. If you didn't send an email out in the last 24-48 hours, you should not be getting a "noreply" email back. Just delete it.
As an aside, my Juno email allows me to display the complete header BEFORE I open it so I can see if it is a suspicious email; or not.