Scammers exploit Apple’s trusted email system to distribute callback phishing scams.
Callback scams disguised as payment alerts
Threat actors are abusing Apple’s iCloud Calendar feature to distribute phishing emails that appear to originate directly from Apple’s servers. Perpetrators are exploiting this feature to make fraudulent messages look legitimate so they slip past spam detection filters.
In one reported case, a recipient received what appeared to be a PayPal payment receipt for $599.