Hackers have discovered a new method to embed phishing scams within Apple Calendar invites, exploiting a previously trusted application, according to a report by BleepingComputer on September 7.
The scam leverages legitimate Apple Calendar invites, injecting malicious content into the invitation’s notes field. Instead of spoofed or fake invites, these are genuine calendar requests delivered through Apple’s service.
In the notes section, scammers include a message thanking the recipient for a costly purchase they did not make. This tactic aims to create a sense of urgency and concern, prompting the recipient to take immediate action.
The message also contains a phone number, deceptively presented as a dispute resolution contact. Victims, believing their credit card information may have been compromised, are inclined to call this number.
Upon calling the provided number, victims are connected to a fraudulent call center impersonating legitimate customer service representatives. These scammers offer assistance in reversing the fictitious charge and recovering the victim’s money.
As part of the scam, victims are instructed to download software to facilitate the refund process. This software, once installed, is designed to steal money from the victim’s accounts, download malware, or harvest sensitive data, further compounding the damage.
To avoid falling victim to this scam, recipients are advised to independently verify any dispute resolution number by visiting the card issuer’s or payment platform’s official website. Calling the number provided in the calendar invite directly exposes individuals to significant risk.
This new method highlights the importance of maintaining vigilance even with seemingly secure and automated applications like digital calendars. As scammers become more sophisticated, users must exercise caution and verify information before taking action.
The exploitation of Apple Calendar invites serves as a reminder that any digital platform can be a target for malicious activity. By staying informed and practicing safe online habits, individuals can protect themselves from falling prey to these types of scams.
The key takeaway is to always double-check the authenticity of contact information and avoid downloading software from unverified sources. By taking these precautions, users can significantly reduce their risk of becoming a victim of this Apple Calendar hack.
