Malicious emails masquerading as purchase notifications have been sent using Apple servers through the exploitation of iCloud Calendar email invitations as part of a new callback phishing campaign, according to BleepingComputer.Analysis of the email shared by a BleepingComputer reader showed that it was sent using the '[email protected]' address, which has been enabled by attackers adding the phishing text to the iCloud Calendar invite through the Notes field before inviting a controlled Microsoft 365 email address '[email protected]', which is believed to be a mailing list with automated forwarding functionality.While Microsoft 365 forwarding an email from Apple's servers would not pass SPF checks, Microsoft 365's rewriting of the Return path with a Microsoft-related address ultimately permits the evasion of such security checking.Apple has so far not commented on the fraudulent scheme, which should prompt increased vigilance among individuals receiving atypical Calendar invites.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds