Threat actors are abusing iCloud Calendar invites to send callback phishing emails via Apple’s servers, passing SPF/DMARC/DKIM and potentially bypassing spam filters. Lures include fake PayPal receipts directing victims to call a “support” number.