Experts are warning iPhone users worldwide, numbering around 1.8 billion, about a new, sophisticated scam that’s targeting bank accounts. This phishing scam, which appears to come from Apple itself, is deceiving users into clicking on calendar invites that contain malicious links, designed to steal sensitive login data and empty bank accounts.
How the Scam Works
The scam involves iCloud Calendar invites sent from legitimate Apple email addresses, making the messages appear trustworthy and bypassing spam filters. Unlike traditional phishing emails, which often contain suspicious email addresses and noticeable typos, these malicious invites are much harder to detect because they come directly from Apple’s servers.
The scam typically presents itself as a fake purchase notification, such as a PayPal bill, with a phone number to call in case of an issue. For instance, one such email claimed, “Hello Customer, Your PayPal account has been billed $599.00. We’re confirming receipt of your recent payment,” according to Forbes. The aim is to trick users into calling fraudulent customer support numbers.
.
Apple users are being targeted with Calendar invites including a fake purchase. (Getty Stock Images)
Why It’s Dangerous
Once the victim calls the number, scammers claim their account has been hacked and convince them to download malicious software, which allows the attackers to steal personal credentials and money. This is a variation of the well-known “callback phishing scam,” where the attacker manipulates the victim into believing there’s an urgent need to act.
“Because these invites are sent from Apple’s legitimate servers, they pass authentication checks and appear trustworthy,” explained Jamie Akhtar, CEO of CyberSmart. This makes the scam far more difficult for traditional email filters to block.
How to Protect Yourself
Apple has issued a warning about the scam, and experts recommend the following precautions:
- Skepticism is key: Always question whether the communication seems genuine and if you were expecting it. Scammers often create a sense of urgency to push victims into acting without thinking.
- Verify through trusted channels: If you receive a suspicious calendar invite or email, don’t click on any links. Instead, verify the message through official means, such as directly contacting the company or checking your account history.
- Treat calendar invites like emails: Just because an invite looks legitimate doesn’t mean it is. Be cautious of any unexpected invites, especially those containing links or phone numbers.
- Be cautious of urgent requests: If the message pressures you to act quickly or sparks emotional reactions (fear, excitement, etc.), take a step back and double-check the details.
Conclusion
This new scam highlights how clever cybercriminals are getting at bypassing traditional security measures. iPhone users must be especially careful and remain vigilant about any unsolicited calendar invites or emails, particularly those involving financial transactions. Always double-check any unexpected communication and protect your personal information.
