
Cybersecurity researchers have identified a sophisticated callback phishing campaign that abuses iCloud Calendar invites so that fraudulent purchase notifications originate from legitimate Apple email servers. Because the messages are sent by Apple, they pass standard SPF, DMARC, and DKIM checks, which makes them far more likely to reach target inboxes and to deceive recipients into contacting the scammers. By relying on trusted infrastructure to get past conventional email security protocols, the method raises the risk of financial fraud, data compromise, and operational disruption for firms and their personnel.

The campaign leverages Apple's (AAPL) iCloud Calendar infrastructure. The attack vector involves sending calendar invitations from legitimate Apple servers (`noreply@email.apple.com`), which inherently pass SPF, DMARC, and DKIM authentication checks. Malicious content, such as a fraudulent PayPal (PYPL) payment notification for $599, is embedded within the calendar event's notes field and is designed to induce panic and prompt the recipient to call a scammer-controlled phone number.

The distribution method reportedly uses Microsoft (MSFT) 365 mailing lists, which forward the initial Apple-sent invitation to a broader target audience, using the Sender Rewriting Scheme (SRS) to maintain email authentication integrity.

While the direct market impact is assessed as low (0.3), this technique represents a significant operational and reputational risk. It demonstrates a critical vulnerability in trust-based systems, where threat actors abuse legitimate services from mega-cap technology firms to circumvent security filters and enhance the credibility of their social engineering attacks.
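A triage heuristic for the pattern described above, as an added example that is not from the original report: since SPF, DKIM and DMARC all pass, it inspects the invite itself and flags an Apple-sent calendar message whose notes field carries a payment lure and a phone number. The keyword list, phone pattern, SRS pattern and sample message are constructed assumptions.

```python
import re
from email import message_from_string

APPLE_SENDER = "noreply@email.apple.com"  # sender address named in the report
LURE = re.compile(r"paypal|payment|charged|refund|invoice", re.I)  # assumed keywords
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # loose phone-number pattern (assumption)
SRS = re.compile(r"\bSRS[01]?=", re.I)  # SRS-rewritten envelope sender (assumed form)

def ics_description(ics: str) -> str:
    """Return the DESCRIPTION (notes) property of an iCalendar body."""
    text = re.sub(r"\r?\n[ \t]", "", ics)  # unfold RFC 5545 continuation lines
    m = re.search(r"^DESCRIPTION[^:\n]*:(.*)$", text, re.M)
    return m.group(1).replace("\\n", "\n").replace("\\,", ",") if m else ""

def triage(raw: str) -> list[str]:
    """Return the reasons a message resembles the campaign described above."""
    msg = message_from_string(raw)
    reasons = []
    if APPLE_SENDER in msg.get("From", "").lower():
        reasons.append("apple-calendar-sender")
    if SRS.search(msg.get("Return-Path", "")):
        reasons.append("srs-forwarded")
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        notes = ics_description(body)
        if LURE.search(notes):
            reasons.append("payment-lure-in-notes")
        if PHONE.search(notes):
            reasons.append("phone-number-in-notes")
    return reasons

# Constructed sample message; the addresses and phone number are placeholders.
SAMPLE = """\
From: noreply@email.apple.com
Return-Path: <bounces+SRS=abcde=XY@example.onmicrosoft.com>
Subject: Invitation
Content-Type: text/calendar; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Purchase Invoice
DESCRIPTION:Your PayPal account was billed $599.00. To dispute this cha
 rge call +1 (555) 010-0199
END:VEVENT
END:VCALENDAR
"""
```

A message that trips all four reasons is a candidate for quarantine or a user-facing banner; the Apple sender alone is not, because ordinary iCloud invites share it.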