iCloud Calendar abused to send phishing emails from Apple’s servers
www.bleepingcomputer.com/news/secu…
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters and land in targets' inboxes.
When an iCloud Calendar event is created and external people are invited, an email invitation is sent from Apple’s servers at email.apple.com, under the iCloud Calendar owner’s name and from the email address “noreply@email.apple.com”. In the email seen by BleepingComputer, the invitation is addressed to a Microsoft 365 account, “Billing3@WilliamerDickinsonerLTD.onmicrosoft.com”.
Similar to a previous phishing campaign that utilized PayPal’s “New Address” feature, it is believed that the Microsoft 365 email address to which the invite is sent is actually a mailing list that automatically forwards any email it receives to all other group members. In this case, the mailing list members are the targets of the phishing scam.
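A mail-triage heuristic for the pattern described above, as an added example that is not from the article or from Apple or Microsoft. The signal names, regexes, scoring rule and the `delivered_to` parameter are assumptions, as is the premise that list forwarding leaves the original `To` header intact; the sample message is constructed from the article's description, with a made-up amount and phone number.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modeled on the article's description (not a real capture).
SAMPLE = """\
From: "Purchase Invoice" <noreply@email.apple.com>
To: Billing3@WilliamerDickinsonerLTD.onmicrosoft.com
Subject: Invitation: Payment receipt
Content-Type: text/plain

Your account was charged $599.00. To dispute or cancel this payment,
call our support team at +1 (555) 010-0199.
"""

# Assumed lure markers: a phone number plus purchase/payment wording.
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
PAYMENT = re.compile(r"\b(charged|payment|invoice|receipt|refund|purchase)\b", re.I)

def triage(raw, delivered_to):
    """Return the heuristic signals that fire for one message.

    delivered_to is the mailbox the message actually landed in (hypothetical
    input, e.g. taken from the mail gateway's envelope recipient).
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = [addr.lower() for _, addr in getaddresses(hdrs)]
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if sender == "noreply@email.apple.com":
        signals.append("apple_calendar_sender")
    if rcpts and delivered_to.lower() not in rcpts:
        # The invite was addressed to someone else and reached this mailbox
        # through forwarding, as with the mailing list the article describes.
        signals.append("recipient_not_in_headers")
    if any(r.endswith(".onmicrosoft.com") for r in rcpts):
        signals.append("onmicrosoft_list_address")
    if PHONE.search(body) and PAYMENT.search(body):
        signals.append("callback_lure")
    return signals

def is_suspect(raw, delivered_to):
    """Flag only when the Apple sender, the lure and one routing signal agree."""
    s = triage(raw, delivered_to)
    return "apple_calendar_sender" in s and "callback_lure" in s and len(s) >= 3
```

Because the invitation really is sent by Apple's servers, the sender address alone cannot separate it from a legitimate invite, which is why the rule also requires the routing mismatch and the callback wording.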