Chalk this up under the enormous, ever-growing bucket titled “New Shit to Be Afraid Of.” Hackers have figured out a way to sneak phishing scams into the notes section of Apple Calendar invites, marking just one more normally secure, dependable app as a potential minefield of digital destruction.How the Apple Calendar scam worksWe know, by now, to be leery of unprompted text messages and emails. Together, they’re scammer central. Because we’re so busy keeping our guard up around obvious vectors for scams, hacks, viruses, and phishing attempts, we often lower our guard for more mundane, automated actions, such as calendar invites.an icloud calendar invite that’s actually a phishing attempt – Credit: BLEEPINGCOMPUTERWho’d suspect calendar invites? They’re these semi-automated things that plop into our email inboxes, designed around an official, relatively staid format, any time somebody requests to add an event to our calendars.Dentist appointments, flights, hotel stays, work Zooms, and sports games. These are the kinds of things that populate our digital calendars—all boring, non-threatening stuff. And yet, as BleepingComputer reported on September 7, hackers have found a way to exploit this seemingly last bastion of bland, beige online innocence.How it works is that the scammer sends you a calendar invite. Not a lookalike, but a real one through Apple’s calendar service. Then, in the invitation’s “notes” field, where they can type a short message, they thank you for making an expensive purchase.Only you know you didn’t make a purchase. “Hold up,” you think. “Did my credit card information get stolen? And some jerk used it to buy this Very Expensive Thing??” You see, in the message in the “notes” field, a phone number that you can use to dispute the charge.So you call it. You don’t know yet that it’s not PayPal’s real customer service number. The person who answers sounds professional, like an honest customer service rep. They’re helpful, and they offer to help you reverse this charge and get you your money back.You have to download a piece of software to run it first. When you download the software, it can steal money from your accounts, download malware, or steal other sensitive data from you.Now that you know how the scam works, avoiding it is easy. If you suspect that you really have been the victim of a fake charge, go to the card issuer’s or PayPal’s official website to find the number before you call it. Don’t just call the number in the calendar invite.The post Hackers Can Now Penetrate Your Apple Calendar. Here’s How to Spot the Scam. appeared first on VICE.