Cybersecurity researchers have warned iPhone users about a new scam taking advantage of their calendar invites.
The scheme floods victims' calendars with fake alerts designed to scare or manipulate them into handing over personal information, such as passwords and banking details.
Unlike typical malware, the scam does not require installing an app or downloading software.
Experts said the attack is triggered after users accidentally click a malicious link online.
The alerts can appear as urgent security warnings, prize notifications or fake system messages.
Because calendar subscriptions bypass the App Store, they can seem official and difficult to stop.
Researchers warned that the tactic is spreading rapidly and targeting both iPhone and iPad users.
Apple users are urged not to interact with suspicious notifications, click the calendar invites and to review their calendar settings immediately.
In many cases, the scam works by tricking users into subscribing to a hidden calendar through deceptive pop-ups.
Once subscribed, scammers can push unlimited notifications directly to the device. The alerts often include links or phone numbers meant to harvest personal information or payment details.
Security experts stressed that Apple will never send virus alerts or phishing messages through the Calendar app.
Getting rid of these spam calendar alerts can take a few steps, but the process is usually straightforward.
In many cases, the alerts come from an unwanted calendar subscription. You can check for this by going to Settings > Apps > Calendar > Calendar Accounts > Subscribed Calendars.
If you see a subscription you do not recognize, delete it to stop the alerts.
Some Apple users have also shared an alternate method on Apple's support forums. One approach is to open the suspicious event, copy the sender's email address, paste it into your Mail app, then block that sender and delete the message.
You can also remove unwanted subscriptions directly from the Calendar app.
Open Calendar, tap the calendar icon at the bottom, find the questionable subscription, tap the information ('i') icon, and mark it as junk when prompted.
Researchers warned that similar notification-based scams are likely to increase as attackers look for new ways to bypass app-store security controls.
EXCLUSIVE
Strange changes to the air over Hawaii spark fears of deadly plane plunges... and danger is spreading to more vacation hotspots
Several users on Reddit's r/Apple forum reported similar experiences in response to a post from someone asking if they had been hacked.
'Rule of thumb is common sense,' one commenter wrote. 'If they're using calendar events to communicate with you, they certainly did not hack into your device.'
'You need to go into your Calendar subscriptions and remove any that you do not recognize as having subscribed to and then be more careful in opening emails going forward,' another user added.
'Perhaps set all Calendar invites to have to be manually approved instead of automatically being added from scanned emails.'
'Even if the spam invite went to your junk mail, it still shows up on your calendar,' one user pointed out.
'You have to go find it and delete it from your junk, which is a hassle. Apple needs to fix this.'