Urgent warning to all 1.8b iPhone users over new scam emptying bank accounts.
A new warning has been issued to all iPhone users about a scam that hijacks Apple's own servers to push fake purchase alerts.
Hackers are creating fake emails disguised as purchase notifications coming directly from the tech giant, according to a report from Bleeping Computer.
The warning was prompted after a user shared a suspicious email that claimed a fraudulent PayPal payment had been made and told the recipient to call if they wanted to discuss the charges.
'Hello Customer, Your PayPal account has been billed $599.00. We're confirming receipt of your recent payment,' stated the email from 'noreply@email.apple.com'.
The phishing email was actually an iCloud Calendar invite, with the scam text hidden in the Notes field and sent to a Microsoft 365 address controlled by the attacker.
When an event like this is created, Apple automatically sends an email from its own servers (noreply@email.apple.com) using the calendar owner's name.
In this case, the invite went to a Microsoft 365 account believed to be a mailing list, which then forwarded the message to multiple recipients, similar to an earlier PayPal-based phishing campaign.
The attackers wanted victims to call back, at which point they would be told their accounts had been hacked. From there, scammers aimed to trick them into installing malicious software, giving criminals access to steal logins or drain bank accounts.
The attack is known as a phishing scam, a cyberattack where criminals send deceptive communications.
This is done through emails, texts or calls impersonating legitimate organizations or people to steal sensitive information such as passwords, bank details or personal data, or to install malware on a victim's device.
Bleeping Computer noted that the email the user received was sent from Apple's own email address, allowing it to bypass security checks.
The Daily Mail has reached out to Apple for comment.
Scammers hide fake payment alerts, like a $599 PayPal charge, in the calendar's Notes section to trick people into calling fake 'support' numbers, Jamie Akhtar, CEO of CyberSmart, told Forbes.
'Because these invites are sent from Apple's legitimate servers, they pass authentication checks and appear trustworthy, making them far harder for traditional filters to block,' Akhtar added.
Bleeping Computer's report highlights 'an ongoing trend of phishing that rides on reputable services,' said Javvad Malik, a security awareness advocate at KnowBe4.
'These attacks... land in inboxes with borrowed legitimacy.
'People don't scrutinize calendar links the way they do email links, so a meeting invite with a call-back number lowers defenses and funnels victims into vishing or remote‑access scams.'
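Because these invites are genuinely sent by Apple and pass authentication, a mail filter has to judge the content rather than the sender. The Python sketch below is an added example, not code from Bleeping Computer, Apple or the article; the sample message, its addresses and phone number, and the brand table are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the email quoted above; the addresses,
# subject line and phone number are placeholders, not values from the report.
SAMPLE = """\
From: noreply@email.apple.com
To: list@example.com
Subject: Invitation
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Hello Customer, Your PayPal account has been billed $599.00. We're confirming
receipt of your recent payment. To discuss the charges, call +1 (202) 555-0143.
"""

BRANDS = {"paypal": "paypal.com"}  # assumed table: brand keyword -> sending domain
MONEY = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
CALL = re.compile(r"\b(?:call|dial|phone)\b", re.I)

def body_text(msg):
    """Join every text/* part (text/plain, text/html, text/calendar)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_signals(raw_message, delivered_to):
    """Content signals only: SPF/DKIM/DMARC results are ignored on purpose,
    because the invite really is sent by the calendar provider."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    text = body_text(msg)
    named = [d for b, d in BRANDS.items() if b in text.lower()]
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(hdrs)}
    signals = {
        "brand_not_sender": any(not sender_domain.endswith(d) for d in named),
        "money_amount": bool(MONEY.search(text)),
        "callback_number": bool(PHONE.search(text) and CALL.search(text)),
        "relayed_via_list": delivered_to.lower() not in rcpts,
    }
    core = ("brand_not_sender", "money_amount", "callback_number")
    signals["flag"] = all(signals[k] for k in core)
    return signals
```

The `relayed_via_list` signal is reported but not required for the flag, since ordinary mailing-list mail also arrives without the recipient in `To`.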