
Scammers are now using trusted Apple and PayPal calendar invites to bypass security and steal personal data, undermining digital trust and putting everyday Americans at risk.
Story Snapshot
- Cybercriminals exploit iCloud Calendar and Microsoft 365 invites to deliver fake PayPal purchase notifications.
- Scam messages appear authentic, bypassing traditional email security filters and targeting Apple users.
- Victims are tricked into calling fraudulent support numbers, risking identity and financial theft.
- Security experts urge users to delete suspicious invites and verify transactions directly on PayPal’s website.
Phishing Tactics Abuse Trusted Calendar Infrastructure
Beginning in early September 2025, cybersecurity researchers reported a surge in phishing attempts targeting Apple and Microsoft users through calendar invites masquerading as PayPal purchase receipts. Unlike typical spam, these invites exploit legitimate infrastructure—iCloud Calendar and Microsoft 365—making them difficult for automated security systems and users to detect. The scam’s sophistication lies in leveraging users’ trust in Apple and PayPal, using official-looking messages and urgent prompts to call fake support numbers. This approach bypasses traditional email protections and increases the likelihood of victims engaging with malicious actors.
Industry experts emphasize that this method marks a dangerous evolution in phishing attacks. Historically, cybercriminals relied on email or SMS; the abuse of calendar invites is a more recent tactic that first gained notoriety in spam waves during the late 2010s. Previously, iCloud Calendar spam was mostly promotional, not financial. Now, the scam targets financial data directly, combining the credibility of calendar infrastructure with fraudulent purchase notifications. This hybrid technique is designed to slip past both technical and human defenses, with callback numbers included to further the deception.
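Because the sending infrastructure is legitimate, screening has to look at the invite's content rather than its origin. The following is an added example, not code from this article or from any vendor it names: it parses an iCalendar (.ics) event and flags the combination described above, namely PayPal branding from a non-PayPal organizer, purchase wording, and a prompt to call a phone number. The function names, keyword lists, three-signal threshold and the sample invite are assumptions made for illustration.

```python
import re

PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
PAYMENT = re.compile(r"\b(purchase|payment|charged|invoice|receipt|transaction)\b", re.I)
CALLBACK = re.compile(r"\b(call|contact|dial)\b", re.I)

def parse_event(ics_text):
    """Unfold RFC 5545 continuation lines and return properties as a dict."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)
    props = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            key = name.split(";", 1)[0].upper()  # drop parameters such as ;CN=
            value = value.replace("\\n", "\n").replace("\\N", "\n")
            props[key] = re.sub(r"\\([,;\\])", r"\1", value)  # undo TEXT escaping
    return props

def assess_invite(ics_text):
    """Flag invites that combine the three traits of the callback scam."""
    props = parse_event(ics_text)
    text = props.get("SUMMARY", "") + "\n" + props.get("DESCRIPTION", "")
    organizer = props.get("ORGANIZER", "").lower()
    domain = organizer.rsplit("@", 1)[-1] if "@" in organizer else ""
    from_paypal = domain == "paypal.com" or domain.endswith(".paypal.com")
    findings = []
    if "paypal" in text.lower() and not from_paypal:
        findings.append("brand_mismatch")      # PayPal named, organizer is not PayPal
    if PAYMENT.search(text):
        findings.append("payment_wording")     # purchase/receipt language
    phones = PHONE.findall(text)
    if phones and CALLBACK.search(text):
        findings.append("callback_number")     # asks the reader to phone a number
    return {"findings": findings, "phones": phones, "suspicious": len(findings) == 3}

# Constructed sample invite (reserved .example domain, fictional 555-01xx number).
SAMPLE_INVITE = "\r\n".join([
    "BEGIN:VCALENDAR", "BEGIN:VEVENT",
    "ORGANIZER;CN=Billing:mailto:billing@calendar-sender.example",
    "SUMMARY:Purchase Invoice",
    "DESCRIPTION:Your PayPal account was charged $599.99.\\nTo dispute this pay",
    " ment\\, call +1 (555) 010-0142.",
    "END:VEVENT", "END:VCALENDAR",
])

if __name__ == "__main__":
    print(assess_invite(SAMPLE_INVITE))
```

An ordinary meeting invite with a dial-in number trips only the `callback_number` signal, which is why the verdict requires all three.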
Victims, Tech Companies, and Cybersecurity Response
The primary targets of this campaign are Apple/iCloud and Microsoft 365 users—especially those with PayPal accounts. Scammers aim to extract sensitive financial and personal information by exploiting calendar systems that many users rely on for daily scheduling. Apple, Microsoft, and PayPal face mounting pressure to respond, as their platforms are being abused to distribute these phishing messages. In response, both Apple and PayPal have issued advisories urging users to delete suspicious invites and avoid responding to any embedded phone numbers. Cybersecurity firms like Malwarebytes and Bleeping Computer are actively monitoring developments, publishing guidance and detection tools to help users identify and report scam activity.
Economic and Social Impact, Expert Analysis
Short-term consequences include financial loss and identity theft for affected users, heightened anxiety, and confusion among Apple and PayPal customers. Long-term, the continued abuse of calendar infrastructure threatens to erode trust in digital notifications, forcing tech companies to invest more in security and user support. Businesses using Microsoft 365 mailing lists also face increased exposure. Regulatory scrutiny may intensify if the scams persist or escalate, driving industry-wide changes in security protocols.
The use of iCloud Calendar and Microsoft 365 infrastructure—combined with PayPal impersonation and urgent messaging—presents a credible, validated threat. No major arrests or takedowns have been reported as of September 2025, and monitoring continues as the scam evolves. The consensus remains: vigilance and direct verification are the best defenses for consumers.