Threat actors are weaponizing iCloud Calendar invites to send convincing phishing emails directly from Apple's email servers, bypassing spam filters by exploiting legitimate infrastructure. The scams impersonate fraudulent PayPal charges to trick victims into calling attacker-controlled support numbers, enabling financial theft and malware deployment.