Have you ever received an email that seemed legit enough to almost click? That's what is happening now! Hackers are abusing Apple iCloud Calendar to send fake emails that originate directly from Apple's servers. Because of this, many people are being tricked into believing that they are real emails.
So what's going on?
Hackers discovered a way to send fake meeting invites from iCloud Calendar. Since they are sent from Apple servers, they appear completely legit.
Often the emails:
• Are formatted as regular meeting or event invites.
• Contain links to bogus websites.
• Attempt to steal your Apple ID, credit card info, or passwords.
And, here's the scary part: traditional spam filters don't flag them since they come from Apple.
Why is this a danger?
Usually, it's easy to spot phishing emails. They have misspellings, strange-sounding email addresses, or just a general lack of professionalism. This time, however, these emails are perfect, because they actually come from Apple.
To summarize:
• They are hard to block
• They trick more people
• They can spread easily with calendar invites
How many calendar invites have you seen that say "You won a free iPhone"? That's it at work.
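Since the sender checks out, the invite has to be judged by what it says. The sketch below is an added example, not code from Apple or from any mail filter: it reads the calendar part of a message and flags links that leave the expected domains, plus common lure wording. The sample message, the host list and the word list are all constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumptions for illustration: hosts we expect in a genuine Apple notice,
# and a small lure-word list. Tune both for your own mail flow.
EXPECTED_HOSTS = ("apple.com", "icloud.com")
LURE_WORDS = ("won", "prize", "password", "apple id", "credit card")

# Constructed sample, not a real capture.
SAMPLE_EML = """\
From: noreply@calendar-relay.example
Subject: Invitation: You won a free iPhone
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
ORGANIZER;CN=Prize Team:mailto:organizer@mail.example
SUMMARY:You won a free iPhone
DESCRIPTION:Claim it at https://prize-claim.example/login and confirm
  your Apple ID password.
END:VEVENT
END:VCALENDAR
"""

def invite_fields(raw_eml):
    """Return the properties of the first text/calendar part as a dict."""
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() == "text/calendar":
            ics = part.get_payload(decode=True).decode("utf-8", "replace")
            ics = re.sub(r"\r?\n[ \t]", "", ics)  # undo iCalendar line folding
            pairs = (line.partition(":") for line in ics.splitlines())
            return {k.split(";")[0].upper(): v for k, _, v in pairs}
    return {}

def triage(raw_eml):
    """Judge the invite by its content instead of by who relayed it."""
    f = invite_fields(raw_eml)
    text = f"{f.get('SUMMARY', '')} {f.get('DESCRIPTION', '')}"
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"<>]+", text)]
    off = [h for h in hosts
           if not any(h == e or h.endswith("." + e) for e in EXPECTED_HOSTS)]
    lures = [w for w in LURE_WORDS if w in text.lower()]
    return {"organizer": f.get("ORGANIZER", ""), "off_domain_links": off,
            "lure_words": lures, "suspicious": bool(off or lures)}

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

The organizer field is returned as well, because the relaying address in the From header says nothing about who actually created the event.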
Why can't Apple fix it?
Apple is aware that this exists, and while they could fix it, it's not as easy as it sounds. Hackers are always trying to abuse legitimate services. Google Docs had this same problem not too long ago: hackers were sending fake links in document comments from actual documents.
Apple will need to:
• Implement better checks before sending invites.
• Prevent hackers from sending large amounts of invites at one time.
Until then the issue will remain.
How can you protect yourself?
Don't fret. You can still protect yourself. Consider the following:
• Do not click links in random invites.
• Delete invites instead of declining (declining tells the sender that your account is 'active').
• Enable 2FA (Two-Factor Authentication) for your Apple ID.
• Report fraudulent invites to Apple.
Final thoughts
I always thought emails from Apple were the safest. However, as you can see, it is disheartening to find out that even large companies can get fooled. Trust your gut feeling, and if you feel weird about something - even if it says it is from Apple - do not trust it.
Every day people get unwittingly scammed. Let's do our best to never be one of those people.