Скачать или смотреть Phishers Exploit Apple iCloud Calendar Invites and Email Infrastructure

…
Phishers are exploiting iCloud Calendar invites to send callback phishing emails directly from Apple’s email infrastructure, making the scams appear trustworthy and bypassing common spam defenses.

The lure usually pretends to be a PayPal payment receipt for $599, with a phone number for “support.” Victims who call are pressured into downloading remote-access tools, which attackers then use to steal money or data.

What makes this campaign more dangerous is that the emails pass SPF, DKIM, and DMARC checks because they are sent through Apple’s servers under the address [email protected]. Attackers embed the phishing message in the Calendar invite’s notes field and then invite a Microsoft 365 distribution list address that automatically forwards the message to many recipients.

To maintain email authentication, Microsoft’s Sender Rewriting Scheme (SRS) ensures that the forwarded messages still appear legitimate. While the scam itself is familiar, its delivery through Apple’s trusted ecosystem increases its credibility and effectiveness. Apple has not yet responded to inquiries about the abuse.


RECOMMENDATIONS:

1. Train employees to identify callback phishing tactics and avoid calling numbers from unsolicited emails.

2. Encourage staff to report suspicious calendar invites so IT can identify and block similar campaigns early.


Also in today's cybersecurity news…


VirusTotal uncovered a phishing campaign that concealed malware inside SVG image files designed to imitate Colombia’s judicial system portals.

These SVG files, which appeared harmless to traditional antivirus tools, were flagged by VirusTotal’s AI Code Insight feature for using JavaScript and HTML rendering to create fake government download pages. Victims were tricked into downloading a password-protected ZIP file that contained a renamed legitimate Comodo browser executable and a malicious DLL, enabling sideloading to install additional malware.

The phishing portals displayed case numbers, security tokens, and progress bars to increase credibility. After analyzing the first malicious SVG, VirusTotal linked it to 523 additional files that had previously evaded detection.


RECOMMENDATIONS:

1. Enhance phishing awareness training to alert users that even image files, like SVGs, can contain hidden malicious code and may impersonate official documents.

2. Advise users to confirm the legitimacy of any download prompts or government-related messages by visiting official websites directly, instead of clicking on links or downloading files from unsolicited sources.

…

Visit our blog for more daily Intel ➜ https://cyderes.com/blog

See our newsletter for deeper monthly insights ➜ https://cyderes.com/newsletter

Catch our podcast for brief cyber updates ➜    / @beeverydayready  

Follow our story ➜   / cyderes  

…

#beeverydayready #cybersecurity #cyderes