"The scammers send an invitation that looks like a normal calendar notification, but the notes contain a message that purports to be from PayPal. It claims that an amount of $599 has been charged and that the recipient must call a specified phone number to correct this. Anyone who calls is put through to a supposed employee who tries to convince the caller that their account has been hacked or that software needs to be installed to enable a refund."
"What makes this attack unique is that the emails do not originate from obscure servers. They are sent directly through Apple's infrastructure. The sender address noreply@email.apple.com&nbsp easily passes the usual security checks such as SPF, DMARC, and DKIM. This makes the invitation appear legitimate and increases the likelihood that spam filters will allow the message through. According to BleepingComputer's analysis, a Microsoft 365 address is used as a conduit."
iCloud calendar invitations are being misused to deliver phishing messages that impersonate payment notifications. Invitations appear as normal calendar notifications while the notes claim a $599 PayPal charge and instruct recipients to call a specified phone number to correct the charge. Callers are connected to fraudsters who claim the account was hacked or that software must be installed to enable a refund, aiming to steal computer access or banking details. The messages are sent through Apple's own infrastructure using a noreply@email.apple.com  sender address that passes SPF, DMARC, and DKIM checks. Microsoft 365 mailing-list forwarding and Sender Rewriting Scheme rewriting enable messages to pass authentication and become hard to block.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]